Re: Testing Routine for WSE 2.0
- From: "William Stacey [MVP]" <staceyw@xxxxxxxx>
- Date: Mon, 26 Sep 2005 14:37:12 -0400
I would first question the use of UsernameTokens. How are you sending the
password (hash, none, clear). I would tend to favor SCTs over UT if
security is important.
--
William Stacey [MVP]
"Microsoft" <chris.arnold@xxxxxxxxxxxxxxxxxx> wrote in message
news:OXoD9DrwFHA.3312@xxxxxxxxxxxxxxxxxxxxxxx
> Hi All,
>
> I have almost completed the first stage of our security upgrades for our
> web services. So far I have implemented Authentication, Authorization,
> Signing & Encryption from client to server. The first 2 of these I can
> test very simple. However, I am uncertain how to test the latter 2
> subjects (short of becoming a fulltime hacker who can intercept the SOAP
> message and change it!).
>
> Does anyone have any proven methods for testing the integrity of the
> messages?
>
> As background, I am using UsernameToken object as my SecurityToken model;
> I have implemented my own UsernameTokenManager that assigns Roles to the
> authenticated token.
>
> Many thanks,
>
> Chris
>
.
- Follow-Ups:
- Re: Testing Routine for WSE 2.0
- From: Chris Arnold
- Re: Testing Routine for WSE 2.0
- References:
- Testing Routine for WSE 2.0
- From: Microsoft
- Testing Routine for WSE 2.0
- Prev by Date: Re: Testing Routine for WSE 2.0
- Next by Date: WSE Samples and the need to give ASP.NET....
- Previous by thread: Re: Testing Routine for WSE 2.0
- Next by thread: Re: Testing Routine for WSE 2.0
- Index(es):
Relevant Pages
|
