Tech Off Thread

2 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

WSE 3.0 web services questions

Back to Forum: Tech Off
  • User profile image
    katghoti

    I have been asked to explore and create programming recommendations for using web services.  All web services will be intranet only at this time.  I have been looking at WSE and there are so many ways to secure a web service what would be best for these situations:

    Web Serivce One:
    The user will pass in their windows username/password to a web service.  It will authenticate them against LDAP for their domain and return LDAP info for them.  I don't want to pass the username/password unencrypted (of course) so what would be the best solution?

    Web Service Two:
    Once the program has validated the user against LDAP, the program would call a web service to return a datatable of weights and measurements for items.  This data is not criticle and if someone outside the company got a hold of it, no damage could really be done, but we want all web services to run within the same framework.

    Any help would be great.  I am programming in VB (stop groaning) using Windows XP.

    John

  • User profile image
    John Galt

    There is a built in encryption provider in WSE for Domain authentication. It uses Kerberos and a way you go... so long as everyone actually is logged into the domain, if they're on a laptop or something that isn't authenticated properly, your toast.

    The other alternative is to use a shared secret with hashing, but you'll have to roll your own because they took it out because people were passing passwords or using trivially simple passwords (hash it to a 512 bit key and you're laughing though...)

    The other way is to use SSL and you're done, just send it all plain text and volia.

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.