ASP.NET Web Services Security
-
Hi folks, I've read more than 14 articles on the net about the "security of web services" and how to make a web service secure. I also tried WSE3.0, FormsAuthentication and more, but they all doesn't seem to be the perfect solution. Any idea would be highly appreciated, Cheers, Mehdi Mousavi - Software Architect [ http://mehdi.biz ]
-
Hi folks, I've read more than 14 articles on the net about the "security of web services" and how to make a web service secure. I also tried WSE3.0, FormsAuthentication and more, but they all doesn't seem to be the perfect solution. Any idea would be highly appreciated, Cheers, Mehdi Mousavi - Software Architect [ http://mehdi.biz ]
-
Different people are likely to view the matter differently and it would be surprising if all should come to the same conclusion! Mehdi Mousavi - Software Architect [ http://mehdi.biz ]
-
Different people are likely to view the matter differently and it would be surprising if all should come to the same conclusion! Mehdi Mousavi - Software Architect [ http://mehdi.biz ]
Was that directed at me? He's basically inferring that he wants to use SOA via Web Services. He doesn't know it yet, but that is more than likely his direction, given the phrasing he used. But, .NET doesn't have a secirity paradigm with web services. JAVA has one that is implemented. See WebShpere. Taking the problem , using evoltionary architecture the solution will differ only slightly. Unless of course the team is less experience. But a product of "realizations" as with model architecture will come to the same conclusion, differing only slightly. Unlesshe decided not the use Web Services for application structure. My thoughts and opinions do not actually represnt what I am saying.:-D Nick 1 line of code equals many bugs. So don't write any!!
-
Was that directed at me? He's basically inferring that he wants to use SOA via Web Services. He doesn't know it yet, but that is more than likely his direction, given the phrasing he used. But, .NET doesn't have a secirity paradigm with web services. JAVA has one that is implemented. See WebShpere. Taking the problem , using evoltionary architecture the solution will differ only slightly. Unless of course the team is less experience. But a product of "realizations" as with model architecture will come to the same conclusion, differing only slightly. Unlesshe decided not the use Web Services for application structure. My thoughts and opinions do not actually represnt what I am saying.:-D Nick 1 line of code equals many bugs. So don't write any!!
Ouch! :~ I just thought that you're teasing me by the "1 line of code equals many bugs. So don't write any!!" phrase. I didn't pay attention that it was your signature! I absolutely thought that it was directed at me, and that's why I said that "different people are likely to view the matter differently...". Anyhow, sorry for misunderstanding. Let me be straight. Consider an asp.net web service that's being executed on SSL/TSL layer and is supposed to be secured by implementing security using the FormsAuthentication method from the ground up. Do you call this a secure web service against the STRIDE model? Thank you for your time. Mehdi Mousavi - Software Architect [ http://mehdi.biz ]
-
Ouch! :~ I just thought that you're teasing me by the "1 line of code equals many bugs. So don't write any!!" phrase. I didn't pay attention that it was your signature! I absolutely thought that it was directed at me, and that's why I said that "different people are likely to view the matter differently...". Anyhow, sorry for misunderstanding. Let me be straight. Consider an asp.net web service that's being executed on SSL/TSL layer and is supposed to be secured by implementing security using the FormsAuthentication method from the ground up. Do you call this a secure web service against the STRIDE model? Thank you for your time. Mehdi Mousavi - Software Architect [ http://mehdi.biz ]
In my opinion no. I would consider it secure if it was called inside a context that could ensure it validity. Then all web service calls would be managed by the context and intercepted if needed. I believe .NET is 2 years away at least from this 1 line of code equals many bugs. So don't write any!!