Re: Can WSE 3.0 do this for me?



So if I use UsernameOverTransport to do the authentication once, then can I also
use message layer encryption rather than transport layer? Because in the WSE
3.0 docs it says if you use the UsernameOverTransport security assertion then you
must encrypt at the transport layer. I hope I can use it and be able to
encrypt at the message layer. Is this possible?

Thanks

"Pablo Cibraro" wrote:

Hi,

WSE 3.0 does not provide a scenario to encrypt a message using only a
UsernameToken. You will have to develop your own custom security assertion
to encrypt the message with a Username token (I think there are some
implementations of this on the Internet).
Kerberos is another approach, and WSE already provides a security assertion
for that scenario.

In order to authenticate the user once, you will have to use the
"SecureConversation" feature. This feature is provided by default for all
security assertions shipped within WSE 3.0 (Kerberos,
UsernameForCertificate, UsernameOverTransport, MutualX509, etc).

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax

"Solitude" <Solitude@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AF68CF9B-DE29-4473-AEA9-453543B71771@xxxxxxxxxxxxxxxx
So I am guessing maybe I need to look into using a custom STS to authenticate
once and then use that token to keep doing secure transactions between the
client and the server. Am I on the right path here?


"Solitude" wrote:

Hi,

I am interested whether WSE 3.0 can do this for me. I would like my messages
between the client and service to be encrypted without using certificates.
And not only that, I would like to only have to send up the username and
password for authentication once and then each subsequent call to the service
not have to send up this information anymore.... We are really looking for
something that doesn't keep connections alive so that our application can
scale, but doesn't have to keep reinitializing the encryption (wasting all
that setup time). Can WSE 3.0 do this for us?

Thanks


