Web Service Question
-
Does anyone know of a simple example of securing a webservice client and server. I need to pass a username and password from the winform client to the web service, but I don't want them sent in plain text xml. Thanks
-
Does anyone know of a simple example of securing a webservice client and server. I need to pass a username and password from the winform client to the web service, but I don't want them sent in plain text xml. Thanks
-
Does anyone know of a simple example of securing a webservice client and server. I need to pass a username and password from the winform client to the web service, but I don't want them sent in plain text xml. Thanks
Or even easier, just setup an SSL certificate on your web server and communicate with your web service via the SSL port (default is 443). This encrypts everything for you. Instead of the SOAP headers (which doesn't encrypt anything), see the
System.Security.Cryptography.Xmlnamespace in the .NET Framework SDK. I also cover the signing portion of this (to see an example of that part of it, which is similar to what you need to do for encrypting the SOAP message) in my article, Using XML Digital Signatures for Application Licensing[^]. The WS-Security specs (of which WS-Signatures and WS-Encryption is part) are also an industry standard.Microsoft MVP, Visual C# My Articles
-
Or even easier, just setup an SSL certificate on your web server and communicate with your web service via the SSL port (default is 443). This encrypts everything for you. Instead of the SOAP headers (which doesn't encrypt anything), see the
System.Security.Cryptography.Xmlnamespace in the .NET Framework SDK. I also cover the signing portion of this (to see an example of that part of it, which is similar to what you need to do for encrypting the SOAP message) in my article, Using XML Digital Signatures for Application Licensing[^]. The WS-Security specs (of which WS-Signatures and WS-Encryption is part) are also an industry standard.Microsoft MVP, Visual C# My Articles
Thanks. Is WS-Security a standard yet?