Securing Web Servicesq

From: "Chris" <nospam@xxxxxxxxxx>
Date: Wed, 20 Dec 2006 20:38:04 -0000

I want to secure a web service so only authorized client apps can use it.
Will using SSL with an encrypted username and password in the soap header do
the job? I know you could potentially capture a post to a web service (or
anything sent over the web). Will SSL mean you can't capture the stream to
the web service and resend it? I am thinking if the post to the web service
contains the username and password then it is useless unless SSL means it
can't be captured and reused? Regards.

.

Follow-Ups:
- Re: Securing Web Servicesq
  - From: Andy

Prev by Date: Re: How to retrieve the domain name for an AD user object?
Next by Date: Re: How to deploy a VS2005 VB app without signing the clickonce manifest and assy
Previous by thread: Re: How to retrieve the domain name for an AD user object?
Next by thread: Re: Securing Web Servicesq
Index(es):
- Date
- Thread

Relevant Pages

Re: Need for encryption in WSE 3.0 if using SS-avoid man-in-middle
... if the other endpoint has a trusted and valid SSL certificate, he would see the data in cleartext. ... But if you let customers change the endpoint address they must be also able to change the server certificate for mutual authentication..so i don't see a real advantage to use additional message security - and you are in the same situation as with transport security. ... I plan on upgrading my .NET 2.0 web service to use WSE 3.0. ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Securing Web Servicesq
... a replay attack on the same session is also avoided because ... SSL session. ... I know you could potentially capture a post to a web service ...
(microsoft.public.dotnet.security)
Re: Underlying Connection Was Closed Error
... a web service on IIS 6.0 via SSL and using X509 Client Certificates. ... or the .NET Framework Networking and Communication forum at http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=40&SiteID=1. ...
(microsoft.public.dotnet.framework.webservices)
Re: Web Service, Authentication, Security & Domains
... The easy way to do this is with Basic authentication and SSL. ... that does send the password across the wire (although it is ... Windows application will communicate to the Web Service via internet ...
(microsoft.public.dotnet.security)
Re: Web Services and SSL
... You don't need to do anything diferent in development to publish a Web Service in SSL. ... You can use WSE 3 with UserNameToken assertion to validate the username and password http://msdn2.microsoft.com/en-us/library/aa480575.aspx ... I have reviewed the MSDN documentation with regards security etc. but ...
(microsoft.public.dotnet.framework.aspnet.webservices)