Re: Please Help me- Creating Custom tokens

From: Softwaremaker (msdn_at_removethis.softwaremaker.net)
Date: 10/20/04


Date: Wed, 20 Oct 2004 13:44:14 +0800

Yes, you are free to implement your own security elements in the header
if you choose to. They are not standards-based though, so if you are trying to
interoperate with other systems that you have no control of, you may run
into problems.

There may be a security caveat breach though, anyone can do a MITM attack
and replace your custom security token lock-stock-barrel with an
unauthorized or untrusted one if you choose not to authenticate the user at
every method invocation.

-- 
Thank you.
~Softwaremaker
==================================
"Sumaira Ahmad" <sumaira.ahmad@gmail.com> wrote in message
news:1627c5ae.0410191841.292c952c@posting.google.com...
> But I guess that deals with the client sending a custom token obtained
> from a token issuer and using that to encrypt and sign the requests..
> But the problem I want to solve is slightly different since I want to
> send an encrypted token in the header of the response message. The
> token created by the server has some user info such as his first name,
> last name, etc. Will those samples help me??
> I did have a look at it once, but was wondering if there was an easy
> way of implementing it.. Looked pretty complicated to me...
> So you think that can help my implementation??
>
> Thanks,
> Sumaira
>
> "Softwaremaker" <msdn@removethis.softwaremaker.net> wrote in message
> news:<uVKjDoitEHA.3448@TK2MSFTNGP09.phx.gbl>...
> > If you are looking for some custom security token implementations, you can
> > check out some of the excellent samples that came with the WSE2.0 download
> >
> > CustomBinarySecurityToken and the CustomXMLSecurityToken samples.
> >
> > Some of them use an implementation of the SCT (SecureContextToken) as
> > outlined in WS-Trust.
> >
> > -- 
> > Thank you.
> >
> > Regards,
> > Softwaremaker
> > http://www.softwaremaker.net/blog
> >
> > =========================================
> >
> > "Sumaira Ahmad" <sumaira.ahmad@gmail.com> wrote in message
> > news:1627c5ae.0410191230.1e4729e8@posting.google.com...
> > > Hi,
> > >
> > > Please help me know how to do this..
> > >
> > > In ASP.NET Web Application/Web Server, I want to send back an
> > > encrypted token from the server to the client. This encrypted token
> > > will contain information such as: Username, groups that he belongs to,
> > > timestamp and expiry time. The client would just store this token and
> > > send it to the server the next time when it requests a page instead of
> > > sending a Username token and getting it authenticated and authorized
> > > again.
> > > Can someone please tell me how to create an encrypted token on the
> > > server and send it back in the response Soap Header??
> > >
> > > Please.. Any help would be highly appreciated.
> > >
> > > Regards,
> > > Sumaira
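
The token described in the original question (user name, groups, timestamp, expiry), sketched as an added example that is not part of the thread and is not taken from the WSE 2.0 samples. It assumes a server-held 256-bit key and .NET 8's `AesGcm` rather than any WSE API; `SessionClaims` and `SessionToken` are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Text.Json;

// Hypothetical claim set: the fields listed in the question.
public record SessionClaims(string User, string[] Groups, DateTimeOffset IssuedAt, DateTimeOffset ExpiresAt);

public static class SessionToken
{
    const int NonceLen = 12, TagLen = 16;

    // Encrypt and authenticate the claims under a key only the server holds.
    public static string Issue(byte[] key, SessionClaims claims)
    {
        byte[] plain = JsonSerializer.SerializeToUtf8Bytes(claims);
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceLen); // fresh per token
        byte[] cipher = new byte[plain.Length];
        byte[] tag = new byte[TagLen];
        using var aes = new AesGcm(key, TagLen);
        aes.Encrypt(nonce, plain, cipher, tag);
        byte[] token = new byte[NonceLen + TagLen + cipher.Length]; // nonce | tag | ciphertext
        nonce.CopyTo(token, 0);
        tag.CopyTo(token, NonceLen);
        cipher.CopyTo(token, NonceLen + TagLen);
        return Convert.ToBase64String(token);
    }

    // Returns null for malformed, modified, foreign-key or expired tokens.
    public static SessionClaims? Validate(byte[] key, string token, DateTimeOffset now)
    {
        try
        {
            byte[] raw = Convert.FromBase64String(token);
            if (raw.Length < NonceLen + TagLen) return null;
            var nonce = raw.AsSpan(0, NonceLen);
            var tag = raw.AsSpan(NonceLen, TagLen);
            var cipher = raw.AsSpan(NonceLen + TagLen);
            byte[] plain = new byte[cipher.Length];
            using var aes = new AesGcm(key, TagLen);
            aes.Decrypt(nonce, cipher, tag, plain); // throws if the tag does not verify
            var claims = JsonSerializer.Deserialize<SessionClaims>(plain);
            return claims is not null && now < claims.ExpiresAt ? claims : null;
        }
        catch (Exception e) when (e is FormatException or CryptographicException or JsonException)
        {
            return null;
        }
    }
}
```

A token that was modified, or that was not issued under the server's key, fails the tag check in `Validate`. A captured valid token still validates until `ExpiresAt`, so the channel carrying it needs its own protection.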

