Web Services Authentication


Web services are hailed as one of the most important recent communication standards. They allow users to easily create and consume applications remotely over regular HTTP channels without any hindrance from firewalls. There are three general approaches to creating secure Web services: HTTP security mechanisms, custom SOAP-based security schemas, and WS-Security.

HTTP (Transport) Security

This method lets you implement familiar authentication methods available from the combination of IIS and ASP.NET. Basic, Digest, and Certificate authentication options are available. This mode is often used when you can control both channel and platform configurations on both ends, typically in an intranet scenario. This mechanism is based on Windows platform features and provides point-to-point security. SSL is often used to ensure packet protection.

SOAP-Based Custom Security Implementation on Application Level

In this scenario none of the standard methods is used. Instead, a customized Simple Object Access Protocol (SOAP) message carries the required set of credentials with every call. This approach is often used when it's necessary to integrate a web service implementation with other non-Microsoft products.

You can put user credentials either in the SOAP message header or in the message body. These credentials are analyzed by the custom security mechanism on the backend. If credential encryption is required, you must implement custom code using .NET cryptography providers.

The natural difficulties with implementing this security scenario stem from not using built-in security mechanisms. In this case, the user's browser cannot maintain identity information automatically and the backend has to perform additional work when validating user credentials. Maintenance costs may rise due to the custom development work required to implement this option.
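The backend check described in this section, sketched as an added example that is not code from the book: credentials travel in a custom SOAP header and are validated on every call. The `urn:example:auth` namespace, the `Credentials` element layout, and the user store are assumptions made for illustration; Python is used only so the check is language-neutral, and the password is assumed to travel over a protected channel.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
AUTH_NS = "urn:example:auth"  # hypothetical namespace for the custom header
ITERATIONS = 100_000

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

# Constructed user store: username -> (salt, PBKDF2 hash); no plaintext at rest.
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {"alice": (_SALT, hash_password("correct horse", _SALT))}

def authenticate(envelope: str):
    """Return the authenticated username, or None if the call must be rejected."""
    # SOAP 1.1 forbids a DTD in messages; refusing one also blocks entity tricks.
    if "<!DOCTYPE" in envelope.upper():
        return None
    try:
        root = ET.fromstring(envelope)
    except ET.ParseError:
        return None
    cred = root.find(f"{{{SOAP_NS}}}Header/{{{AUTH_NS}}}Credentials")
    if cred is None:
        return None  # every call must carry the header
    user = cred.findtext(f"{{{AUTH_NS}}}Username") or ""
    password = cred.findtext(f"{{{AUTH_NS}}}Password") or ""
    # Unknown users still cost one hash, so timing does not reveal valid names.
    salt, expected = USERS.get(user, (_SALT, b"\x00" * 32))
    ok = hmac.compare_digest(hash_password(password, salt), expected)
    return user if ok and user in USERS else None

def make_envelope(user: str, password: str) -> str:
    """Build a constructed sample request (no XML escaping; test values only)."""
    return (
        f'<soap:Envelope xmlns:soap="{SOAP_NS}" xmlns:a="{AUTH_NS}">'
        f"<soap:Header><a:Credentials><a:Username>{user}</a:Username>"
        f"<a:Password>{password}</a:Password></a:Credentials></soap:Header>"
        "<soap:Body><GetReport/></soap:Body></soap:Envelope>"
    )
```
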

WS-Security

WS-Security is a set of specifications describing how to implement message security by using digital signatures and storing authentication tokens in SOAP message headers. It enhances SOAP by providing message integrity, confidentiality, and additional authentication. The WS-Security specification was developed jointly by Microsoft, IBM, and VeriSign, and it was published in 2002. To learn more about WS-Security, read a white paper on the subject from IBM and Microsoft at msdn.microsoft.com/library/en-us/dnwssecur/html/securitywhitepaper.asp?frame=true&_r=1.

This mode of security is useful in highly heterogeneous environments and when abstraction from the transport channel implementation is required.



Building Portals, Intranets, and Corporate Web Sites Using Microsoft Servers
ISBN: 0321159632
EAN: 2147483647
Year: 2004
Pages: 164
