Re: Authenticating calling application?

From: Dilip Krishnan (dilipdotnet..NOSPAM.._at_apdiya.com)
Date: 03/26/04


Date: Fri, 26 Mar 2004 09:58:51 -0600

Is there a reason why you want to use certificates? Certificate
distribution is always a problem, especially in a case where multiple
applications integrate with each other. If all you need to do is to
track an application, you could develop a custom WSE filter that does the
job for each application. Let me know if I have understood your
requirements wrongly.

snakebite wrote:

> Hi,
>
> I work at a hospital where we have some 5000 users, some 100 applications developed over the years by outside consultants in varying languages. Integration is a mess. We are going to bring order to this by encapsulating all integration as web-services.
>
> I'm looking into authentication and signing now, but came upon a problem. I would like our *applications* to sign their SOAP requests rather than the end-users signing the requests. The reasons for this are:
> - We need to track what application is calling what service. This is part of being able to monitor dependencies among applications - our main problem.
> - Our users sometimes use "shared accounts" because it's more practical in their work. So a user certificate wouldn't say much.
> - We have older versions of Windows installed here and there. I'm not sure how easy it is to reach a central certificate store from Win98 or even WinNT. We have to minimize the need for local machine configuration.
> - SOAP requests will also be made from servers, not just client machines. E.g. we have apps connecting to SQLServer 7/2K using SQL Server authentication (secret app-shared login), and we will need to make SOAP requests from stored procedures. I.e. no direct relation to the end-user's login.
>
> All I see in WSE 1.0 and 2.0 is certificate stores related to the current Windows user. What I'm thinking would solve our problem is a certificate including private key compiled into the applications, or stored as a string in the stored procedure code, etc. Is this possible to do?
>
> Thanks.
>

-- 
Regards,
Dilip Krishnan
MCAD, MCSD.net
dilipdotnet at apdiya dot com
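
A sketch of the custom-filter approach suggested in the reply, added here as an example and not code from either poster: a WSE 2.0 output filter stamps each outgoing request with the calling application's name, and an input filter on the service records which application called which operation. The header name, its namespace and the `ApplicationName` field are assumptions made for illustration. The header is an unsigned claim, so it serves dependency tracking only and does not authenticate the caller.

```csharp
using System.Diagnostics;
using System.Xml;
using Microsoft.Web.Services2;   // WSE 2.0

// Hypothetical header name and namespace (constructed for this example).
public sealed class AppIdHeader
{
    public const string Ns = "urn:example:hospital:app-id";
    public const string Name = "CallingApplication";
}

// Client side: adds the application-identity header to every outgoing request.
public class AppIdOutputFilter : SoapOutputFilter
{
    // Assumption: each application sets this once at startup.
    public static string ApplicationName = "UnknownApp";

    public override void ProcessMessage(SoapEnvelope envelope)
    {
        XmlElement header = envelope.CreateHeader();   // creates the SOAP Header if absent
        XmlElement appId = envelope.CreateElement("app", AppIdHeader.Name, AppIdHeader.Ns);
        appId.InnerText = ApplicationName;
        header.AppendChild(appId);
    }
}

// Service side: logs "application -> operation" for dependency monitoring.
public class AppIdInputFilter : SoapInputFilter
{
    public override void ProcessMessage(SoapEnvelope envelope)
    {
        string caller = "(no header)";      // request came from an unmodified client
        XmlElement header = envelope.Header;
        if (header != null)
        {
            XmlNodeList nodes = header.GetElementsByTagName(AppIdHeader.Name, AppIdHeader.Ns);
            if (nodes.Count > 0) caller = nodes[0].InnerText.Trim();
        }

        // The first element inside the SOAP Body names the operation being invoked.
        string operation = "(empty body)";
        if (envelope.Body != null)
            foreach (XmlNode n in envelope.Body.ChildNodes)
                if (n is XmlElement) { operation = n.NamespaceURI + "#" + n.LocalName; break; }

        Trace.WriteLine("caller=" + caller + " operation=" + operation);
    }
}
```

Both filters take effect only once they are registered in WSE's input and output filter pipelines on the service and in each client application.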

