Re: Web services & SSL

---

• From: "Josh Twist" <josh.twist@xxxxxxxxx>
• Date: 15 Jun 2006 13:13:33 -0700

---

Right - I'd definitely have a look at the stuff there so you can bear
in mind how it works. WCF is the future of web services on the windows
platform so you'll want a nice easy migration when it is released.

Josh
http://www.thejoyofcode.com/

Simon Hart wrote:

WCF (WinFX) is not in RTA release yet though right.

Simon.

"Josh Twist" <josh.twist@xxxxxxxxx> wrote in message
news:1150230411.039279.237230@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

SSL is still an excellent way of securing your transmissions even
though you're not using a 'browser'. You're still using HTTPS so the
client (your proxy) will act in the same way as your browser and
encrypt the message as required.

There are other tools you could use to secure transmissions such as
WSE3, but SSL is great because it's tried and tested and takes place at
a higher level of abstraction- therefore you don't have to change
anything in your code to use it.

(Without wanting to cloud the issue, you might want to look at WCF
(windows communication foundation) for hosting your web service, which
takes this whole idea of protocol abstaction to whole new level with
its ABCs (Address, Binding, Contract) of web services.

Josh
http://www.thejoyofcode.com/

cn2006a wrote:

Hi, I am new to web services and have to write one end of a B2B
application, ie my app will talk to a remote app and vice versa. The
developer of the other end is suggesting we use SSL for security.

I'm still trying to understand the security options, and I'm slightly
confused about using SSL. My understanding is that when using HTTPS,
decryption happens in the browser rather than within IIS. Since I will
not be using a browser to talk to the other end, where does the
decryption take place? Do I call a library routine to do this? Or
should I look at securing this app some other way, eg something within
WSE?

Thanks,

ChrisN

.

---

• References:
  • Web services & SSL
    • From: cn2006a
  • Re: Web services & SSL
    • From: Josh Twist
  • Re: Web services & SSL
    • From: Simon Hart

• Prev by Date: Invoke method returns "undefined value"
• Next by Date: Re: Calling Web Service that calls other Web Service with Windows Authentication
• Previous by thread: Re: Web services & SSL
• Next by thread: Encrypting in WebService
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Web services & SSL ... WCF is not in RTA release yet though right. ... though you're not using a 'browser'. ... I'm still trying to understand the security options, ... My understanding is that when using HTTPS, ... (microsoft.public.dotnet.framework.aspnet.webservices) Microsoft .NET ... reading up various documents that discuss - "What is Microsoft .Net" ... I'm trying to write a paper on security and software development using ... utilize connected solutions using Web services, ... language, of course, but also: ... (microsoft.public.dotnet.general) Re: C# Exceptions ... What attack scenarios could be possible on such an application? ... > Are these issues really a security threat for a desktop application? ... > this application gets from its web services. ... > Cenzic Hailstorm finds vulnerabilities fast. ... (Pen-Test) Re: WebServices Testing ... I am tasked with doing some security testing on a new web services ... But,,, this is why the infosec bizz has become cowboy territory rather then a serious ... maybe its time that each security certification selling company keeps a public list on ... (Pen-Test) Issues hosting WCF web service object in IIS ... I'm trying to get my head around the real advantages of using WCF ... web services as opposed to good-ol .asmx files. ... For WCF web services, I have to create a class library to house my ... Now my problem is getting this thing hosted in IIS. ... (microsoft.public.dotnet.framework.aspnet)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)