Re: trying to extend a custom authentication system.
From: hazz (hazz_at_sonic.net)
Date: 10/06/04
- Next message: Julie Lerman: "Re: New User Encrypting Username Token Issue"
- Previous message: Dan: "Re: New User Encrypting Username Token Issue"
- In reply to: hazz: "trying to extend a custom authentication system."
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 6 Oct 2004 16:42:00 -0600
just found the following which may speak to my requirement;
http://msdn.microsoft.com/webservices/default.aspx?pull=/library/en-us/dnwse/html/wssecdrill.asp
"hazz" <hazz@sonic.net> wrote in message
news:ucXK%23B%23qEHA.3324@TK2MSFTNGP15.phx.gbl...
> I am trying to extend a custom authentication system and I'm trying to
> figure out how I might be able to utilize WSE 2.0.
>
> From the current presentation layer, a username/password is passed to a
> component which hits the database and and an encrypted xml string is
> returned containing some authorization info.
> That encrypted xml string ends up getting passed latter (when the user
wants
> to do something requiring authorization) as a parameter and decrypted and
> then deserialized.
>
> What I would like to do is extend the presentation layer with Wizzy so
that
> internet applications can authenticate securely as well.
>
> What features of WSE 2.0 would I utilize so that I can send my username
and
> password securely to a web service and then have that endpoint return my
> encrypted string.
>
> This is a kind of end-to-end hybrid rather than point-to-point as I just
> read in Don Box's article if I understand him correctly. (He is like
reading
> fine literature, absolutely fascinating but sometimes not sure if I get
it.)
> That is to say that just because the user has been authenticated, it
doesn't
> mean they are authorized to do anything. The encrypted string holds the
> secrets which will be revealed when the end user tries to access some
> functionality within the component library. I am explaining this only
> because someone may ask, why are you not just returning a simple
> authenticated or unauthenticated boolean?
>
> So I guess what I want to do is just be able to securely pass my
> username/token initially to a web service (and not have it be clear text)
> and then have it return the encrypted string. It won't have to be
encrypted
> on the return trip Can WSE2.0 be used as a kind of a flexible alternate
to
> SSL/TLS, passing parameters back and forth in a secure fashion when
> encryption of the message (ie. username/password) is necessary?
>
> Thanks for letting me think through this. I may not be asking the right
> question yet, or at least not asking it clearly.
>
> Appreciatively, -greg
>
>
- Next message: Julie Lerman: "Re: New User Encrypting Username Token Issue"
- Previous message: Dan: "Re: New User Encrypting Username Token Issue"
- In reply to: hazz: "trying to extend a custom authentication system."
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
