Re: Web Service and Security

From: Chris Jackson (chrisjATmvpsDOTorgNOSPAM)
Date: 03/17/04

Next message: Chris Jackson: "Re: Dynamic Method/Event Invocation"
Previous message: Chris Jackson: "Re: Dynamic Control in an Assembly"
In reply to: Matt Tapia: "Re: Web Service and Security"
Messages sorted by: [ date ] [ thread ]

Date: Wed, 17 Mar 2004 11:45:20 -0500

You could install SSL on the server that is hosting the web service.
Alternately, you could use WS-Security. Take a look at the Web Service
Extensions - they provide some wrapper classes that make this a lot easier
to implement.

-- 
Chris Jackson
Software Engineer
Microsoft MVP - Windows Client
Windows XP Associate Expert
-- 
More people read the newsgroups than read my email.
Reply to the newsgroup for a faster response.
(Control-G using Outlook Express)
-- 
"Matt Tapia" <mtapia@inbizservices.com> wrote in message 
news:ejdzqc5CEHA.2768@tk2msftngp13.phx.gbl...
> Do you have any idea what some alternatives would be to make it encrypted?
> Note: I am passing back a dataset from the web service.
>
> "Chris Jackson" <chrisjATmvpsDOTorgNOSPAM> wrote in message
> news:%23xy20O5CEHA.3132@TK2MSFTNGP11.phx.gbl...
>> It will not be encrypted.
>>
>> -- 
>> Chris Jackson
>> Software Engineer
>> Microsoft MVP - Windows Client
>> Windows XP Associate Expert
>> -- 
>> More people read the newsgroups than read my email.
>> Reply to the newsgroup for a faster response.
>> (Control-G using Outlook Express)
>> -- 
>>
>> "Matt Tapia" <mtapia@inbizservices.com> wrote in message
>> news:u22RlJ5CEHA.2556@TK2MSFTNGP12.phx.gbl...
>> >I have a web app. that is on secure server (SSL) that calls a 
>> >web-service
>> >on
>> > another service not secure (NO SSL). Is the data passed from the web
>> > service
>> > to the secure server protected because the server calling the web
> service
>> > is
>> > secure? Or is not protected at all because the computer with the
>> > web-service
>> > is not secure?
>> >
>> > Thanks!
>> >
>> >
>>
>>
>
>

Next message: Chris Jackson: "Re: Dynamic Method/Event Invocation"
Previous message: Chris Jackson: "Re: Dynamic Control in an Assembly"
In reply to: Matt Tapia: "Re: Web Service and Security"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Most users cant connect to our SSL-- help!
... I've included all relevant SSL settings from our ... Subject: Large percentage of customers cannot connect to https: ... server, which then grinds indefinitely. ... "2) Your secure order form is not working. ...
(comp.security.misc)
Most users cant connect to our SSL-- help!
... I've included all relevant SSL settings from our ... Subject: Large percentage of customers cannot connect to https: ... server, which then grinds indefinitely. ... "2) Your secure order form is not working. ...
(comp.security.ssh)
Most users cant connect to our SSL-- help!
... I've included all relevant SSL settings from our ... Subject: Large percentage of customers cannot connect to https: ... server, which then grinds indefinitely. ... "2) Your secure order form is not working. ...
(comp.security.unix)
Re: ModSSL - Knoppix 3.3
... NameVirtualHosts and SSL don't mix. ... This automatically pushes an incorrect http request to the secure host over ... > I create some server key & crt. ...
(Focus-Linux)
Re: Need for encryption in WSE 3.0 if using SS-avoid man-in-middle
... if the other endpoint has a trusted and valid SSL certificate, he would see the data in cleartext. ... But if you let customers change the endpoint address they must be also able to change the server certificate for mutual authentication..so i don't see a real advantage to use additional message security - and you are in the same situation as with transport security. ... I plan on upgrading my .NET 2.0 web service to use WSE 3.0. ...
(microsoft.public.dotnet.framework.aspnet.security)