Re: Please Help me- Creating Custom tokens
From: Sumaira Ahmad (sumaira.ahmad_at_gmail.com)
Date: 10/20/04
- Next message: Hervey Wilson [MSFT]: "Re: WSE 2 seems not work with Framework 2 (VS2005 beta 1)"
- Previous message: Tim Heuer: "Re: Using x509 without Windows Groups"
- In reply to: Softwaremaker: "Re: Please Help me- Creating Custom tokens"
- Next in thread: Sumaira Ahmad: "Re: Please Help me- Creating Custom tokens-PLEASE HELP ME!!!!!!!!!!!!"
- Reply: Sumaira Ahmad: "Re: Please Help me- Creating Custom tokens-PLEASE HELP ME!!!!!!!!!!!!"
- Reply: Softwaremaker: "Re: Please Help me- Creating Custom tokens"
- Messages sorted by: [ date ] [ thread ]
Date: 20 Oct 2004 09:17:33 -0700
Hi,
Thanks so much for your time. Let me explain the scenario here...
I will have an ASP.NET Web Application that will interact with Web
Services to perform some tasks.
The user/client calls the Web Service and also sends his encrypted
username token. So before he is given access to the Web Method, the
WSE on the Web Service first authenticates him against Active
Directory (using UsernameTokenManager's Authenticate method). After he
is authenticated, in the Web method, before the response is sent, I will
retrieve the groups to which he belongs and will verify if he is
allowed to access the web method he requested. Now the Web server in
his response, along with other information in the body, will send back
an encrypted token in the response header. The token will have the
username, the groups to which he belongs and the time when the token
will expire. The ASP.NET Application will receive the token and send
it back untouched when the user requests another page which may
access another method of the Web Service. So then the server will not
now expect a username token. It will expect the encrypted token, will
check the time has not expired and, if not, then it will not be
required to again authenticate and authorize the client.
So I don't know if I can use Forms authentication when I am using Web
Services. Can I?
I am pretty new to all this... I hope I am clear. Can you please guide
me as to how I can achieve this?
Thank you so much,
Sumaira
"Softwaremaker" <msdn@removethis.softwaremaker.net> wrote in message news:<u4GPRimtEHA.2128@TK2MSFTNGP11.phx.gbl>...
> Wait a second...am reading your initial post with more detail.
>
> > In ASP.NET Web Application/Web Server...
>
> Are we talking about an ASP.NET Web Application here or a Web Service call
> with WSE?
>
> If you are talking about an ASP.NET Web Application, Windows and Forms
> Authentication provides you that infrastructure right out of the box.
>
> --
> Thank you.
> ~Softwaremaker
>
> ==================================
>
>
> "Softwaremaker" <msdn@removethis.softwaremaker.net> wrote in message
> news:OFNFmfmtEHA.3320@TK2MSFTNGP15.phx.gbl...
> > Yes, you are free to implement your own security elements in the header
> > if you choose to. They are not standards-based though, so if you are trying
> > to interoperate with other systems that you have no control of, you may run
> > into problems.
> >
> > There may be a security caveat breach though, anyone can do a MITM attack
> > and replace your custom security token lock-stock-barrel with an
> > unauthorized or untrusted one if you choose not to authenticate the user
> > at every method invocation.
> >
> >
> > --
> > Thank you.
> > ~Softwaremaker
> >
> > ==================================
> >
> > "Sumaira Ahmad" <sumaira.ahmad@gmail.com> wrote in message
> > news:1627c5ae.0410191841.292c952c@posting.google.com...
> > > But I guess that deals with the client sending a custom token obtained
> > > from a token issuer and using that to encrypt and sign the requests.
> > > But the problem I want to solve is slightly different since I want to
> > > send an encrypted token in the header of the response message. The
> > > token created by the server has some user info such as his first name,
> > > last name, etc. Will those samples help me?
> > > I did have a look at it once, but was wondering if there was an easy
> > > way of implementing it. Looked pretty complicated to me...
> > > So you think that can help my implementation?
> > >
> > > Thanks,
> > > Sumaira
> > >
> > > "Softwaremaker" <msdn@removethis.softwaremaker.net> wrote in message
> > > news:<uVKjDoitEHA.3448@TK2MSFTNGP09.phx.gbl>...
> > > > If you are looking for some custom security token implementations, you
> > > > can check out some of the excellent samples that came with the WSE2.0
> > > > download:
> > > >
> > > > CustomBinarySecurityToken and the CustomXMLSecurityToken samples.
> > > >
> > > > Some of them use an implementation of the SCT (SecureContextToken) as
> > > > outlined in WS-Trust.
> > > >
> > > > --
> > > > Thank you.
> > > >
> > > > Regards,
> > > > Softwaremaker
> > > > http://www.softwaremaker.net/blog
> > > >
> > > > =========================================
> > > >
> > > > "Sumaira Ahmad" <sumaira.ahmad@gmail.com> wrote in message
> > > > news:1627c5ae.0410191230.1e4729e8@posting.google.com...
> > > > > Hi,
> > > > >
> > > > > Please help me know how to do this..
> > > > >
> > > > > In ASP.NET Web Application/Web Server, I want to send back an
> > > > > encrypted token from the server to the client. This encrypted token
> > > > > will contain information such as: Username, groups that he belongs
> > > > > to, timestamp and expiry time. The client would just store this token
> > > > > and send it to the server the next time when it requests a page
> > > > > instead of sending a Username token and getting it authenticated and
> > > > > authorized again.
> > > > > Can someone please tell me how to create an encrypted token on the
> > > > > server and send it back in the response Soap Header??
> > > > >
> > > > > Please.. Any help would be highly appreciated.
> > > > >
> > > > > Regards,
> > > > > Sumaira
> >
> >
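
The token described in this thread (username, groups and expiry, issued by the Web Service and returned untouched by the ASP.NET application) can be sketched with authenticated encryption, so that a modified or substituted token fails validation. This is an added example, not code from the thread or from the WSE samples; it assumes .NET 8 and a 32-byte key known only to the Web Service, and the names `SessionToken`, `Issue` and `Validate` and the payload layout are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Added example; SessionToken, Issue and Validate are hypothetical names.
public static class SessionToken
{
    const int NonceLen = 12, TagLen = 16;
    // key: 32 random bytes held only by the Web Service (assumption).
    public static string Issue(byte[] key, string user, string[] groups, DateTimeOffset expires)
    {
        // Reject delimiter characters so a crafted name cannot add fields or groups.
        if (user.Contains('|') || Array.Exists(groups, g => g.Contains('|') || g.Contains(',')))
            throw new ArgumentException("delimiter in user or group name");
        // Payload layout (constructed for this example): expiry|user|group,group
        byte[] plain = Encoding.UTF8.GetBytes(
            expires.ToUnixTimeSeconds() + "|" + user + "|" + string.Join(",", groups));
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceLen); // fresh per token
        byte[] cipher = new byte[plain.Length];
        byte[] tag = new byte[TagLen];
        using (var aes = new AesGcm(key, TagLen))
            aes.Encrypt(nonce, plain, cipher, tag);
        // Wire format: nonce || tag || ciphertext, base64-encoded for the header.
        byte[] blob = new byte[NonceLen + TagLen + cipher.Length];
        Buffer.BlockCopy(nonce, 0, blob, 0, NonceLen);
        Buffer.BlockCopy(tag, 0, blob, NonceLen, TagLen);
        Buffer.BlockCopy(cipher, 0, blob, NonceLen + TagLen, cipher.Length);
        return Convert.ToBase64String(blob);
    }
    // Returns false for a malformed, modified, wrong-key or expired token.
    public static bool Validate(byte[] key, string token, DateTimeOffset now,
                                out string user, out string[] groups)
    {
        user = null; groups = null;
        try
        {
            byte[] blob = Convert.FromBase64String(token);
            if (blob.Length < NonceLen + TagLen) return false;
            byte[] plain = new byte[blob.Length - NonceLen - TagLen];
            using (var aes = new AesGcm(key, TagLen)) // throws if the tag does not verify
                aes.Decrypt(blob.AsSpan(0, NonceLen), blob.AsSpan(NonceLen + TagLen),
                            blob.AsSpan(NonceLen, TagLen), plain);
            string[] parts = Encoding.UTF8.GetString(plain).Split('|');
            if (parts.Length != 3 || now.ToUnixTimeSeconds() >= long.Parse(parts[0]))
                return false; // wrong shape or past expiry
            user = parts[1];
            groups = parts[2].Split(',');
            return true;
        }
        catch (Exception e) when (e is FormatException || e is CryptographicException)
        { return false; }
    }
}
```

The tag check rejects a token that was altered or built without the service key, but a captured valid token can still be replayed until it expires, so the channel carrying it still needs protection.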