Re: SSL for very simple security need in web service app

---

• From: "news.microsoft.com" <rob@xxxxxxxxxxxxxxxxxxx>
• Date: Mon, 17 Oct 2005 16:21:35 -0700

---

My apologies....

That last note went out with a user name of "news.microsoft.com". Apparently
my news reader was misconfigured. It was really from me.

Rob Schripsema
DeWaard and Jones

"news.microsoft.com" <rob@xxxxxxxxxxxxxxxxxxx> wrote in message
news:%23vYoIE30FHA.2212@xxxxxxxxxxxxxxxxxxxxxxx
> I'm looking for a nudge in the right direction.
>
> We have an order processing system that currently has a simple ASP.NET web
> interface. Various clients who want to place orders already have a userID
> and password specified within our application (i.e., not Windows
> authentication) that they must supply in order to logon to their 'account'
> and submit orders for themselves. They communicate from a browser over the
> public internet. The browsers/server utilize SSL for encrypting the web
> traffic.
>
> We'd now like to implement this functionality as a web service to interact
> with some desktop applications that can generate orders. We'd like to have
> the remote app simply transfer the data, presumably in an XML format that
> we already have defined, over the public internet, providing their userID
> and password.
>
> My question is: if we just add the userID and password in the XML
> schema/data, is the SSL layer sufficient to ensure that anyone who might
> intercept the traffic en route would not be able to determine the UserID
> and password? Once we have the XML data in our app, it would be a trivial
> matter to determine if the data is coming from a source that had a
> legitimate, active UserID and a valid password. And that's pretty much all
> we'd need.
>
> I read about WSE, WS-Security, etc. and it all seems like so much overkill
> for my needs -- but I can't locate a single, simple scenario that looks
> like what I have in mind here.
>
> Any direction would be greatly appreciated!
>
> Rob Schripsema
> DeWaard and Jones Company
> Bellingham, WA
>
>
>
>


.

---

• Follow-Ups:
  • Re: SSL for very simple security need in web service app
    • From: CESAR DE LA TORRE [MVP]

• References:
  • SSL for very simple security need in web service app
    • From: news.microsoft.com

• Prev by Date: SSL for very simple security need in web service app
• Next by Date: RE: Calling a webservice from a page
• Previous by thread: SSL for very simple security need in web service app
• Next by thread: Re: SSL for very simple security need in web service app
• Index(es):
  • Date
  • Thread

---

Relevant Pages SSL for very simple security need in web service app ... Various clients who want to place orders already have a userID ... The browsers/server utilize SSL for encrypting the web ... the remote app simply transfer the data, presumably in an XML format that we ... if we just add the userID and password in the XML ... (microsoft.public.dotnet.framework.aspnet.webservices) Simple export from db1 import to db2 using xml problem ... trying to use FOR XML to generate XML data and XSD and ... the XSD I get from: ... SELECT USERID + '99' AS USERID, UserGrp AS UserGrp, BOS AS BOS, ... RptVisibility, OPAGY AS OPAGY, OPAGYacct AS OPAGYacct, ... (microsoft.public.sqlserver.xml)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)