how can we restrict what certificate WSE will use?
- From: <jason.chen@xxxxxxxxxxxxxxxxx>
- Date: Sun, 18 Sep 2005 17:07:24 -0400
assume I'm hosting a webservice, I have 2 trusted clients consume my
webservice, each client will send in properly encrypted and signed request,
WSE will take care of decryption and verification of the signature,
everything works great. now there is a hacker, tries to consume my
webservice, he encrypted his request using my public key, and signed his
request using his own private key, when I received the request WSE will
automatically decrypt it and verify the signature successfully before
reaching my code where I verify it's a trusted client. as you can see, the
decryption and signature verify happens automatically before I can check if
it's a trusted client.
my question is, is there a way I can short circuit this process so that I
can terminate the request before decryption/ signature verification happens?
thanks,
-Jason
.
- Follow-Ups:
- RE: how can we restrict what certificate WSE will use?
- From: Steven Cheng[MSFT]
- RE: how can we restrict what certificate WSE will use?
- Prev by Date: Re: what certificate to buy from Verisign ?
- Next by Date: Re: what certificate to buy from Verisign ?
- Previous by thread: Verify Digital Signatures of SOAP Messages Signed Using a User Name and Password
- Next by thread: RE: how can we restrict what certificate WSE will use?
- Index(es):
Relevant Pages
|
Loading
