Closed

Web Service Security

description

---------edited Aug 14, 2007--------
I've decided to implement another form of security using a shared key. It's a custom solution and only recommended for Medium Trust shared hosting solutions. For Full Trust solutions WSE 3.0 or WCF should be used instead.
 
There will be a server-side admin tool for the keys. A separate key should be generated for each client machine. The key will be saved as a key file in the client application folder (or a location of your choice), then it will be read and passed to each web service call for validation (just like the current solution). The only difference is that the key isn't dynamically generated and authenticated with a username/password.
 
This prevents the keys from never expiring like they did before, and you can expire keys on the server side in case one becomes compromised.
 
-----Edited Sept 8, 2007-----
I'm working on posting these changes now. Feel free to comment on the discussion thread. The old release will still be available with the session based web service security.
 
 
 
Thoughts?
Discussion thread: http://www.codeplex.com/SingleSignOn/Thread/View.aspx?ThreadId=13798
Closed Mar 31, 2008 at 5:36 PM by nlb6665
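
The per-client shared-key scheme described above, as an added C# example that is not the SingleSignOn project's code: the server keeps one key per client machine, stores only its digest, and can expire a single key. The names ClientKeyRegistry, Issue, Revoke and Validate and the in-memory store are assumptions made for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical server-side registry: one random key per client machine,
// kept only as a SHA-256 digest, with per-key revocation.
public sealed class ClientKeyRegistry
{
    private sealed class Entry { public byte[] Digest; public volatile bool Revoked; }
    private readonly ConcurrentDictionary<string, Entry> _entries =
        new ConcurrentDictionary<string, Entry>();

    // Admin tool: issue a key for one client; the return value goes into its key file.
    public string Issue(string clientId)
    {
        byte[] raw = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string key = Convert.ToBase64String(raw);
        _entries[clientId] = new Entry { Digest = Hash(key), Revoked = false };
        return key;
    }

    // Admin tool: expire a key that may be compromised.
    public bool Revoke(string clientId)
    {
        Entry e;
        if (!_entries.TryGetValue(clientId, out e)) return false;
        e.Revoked = true;
        return true;
    }

    // Called at the top of every web service method with the key the client read from its file.
    public bool Validate(string clientId, string presentedKey)
    {
        Entry e;
        if (clientId == null || presentedKey == null) return false;
        if (!_entries.TryGetValue(clientId, out e) || e.Revoked) return false;
        byte[] presented = Hash(presentedKey);
        int diff = 0; // compare digests without an early exit on the first mismatch
        for (int i = 0; i < e.Digest.Length; i++) diff |= e.Digest[i] ^ presented[i];
        return diff == 0;
    }

    private static byte[] Hash(string key)
    {
        using (var sha = SHA256.Create()) return sha.ComputeHash(Encoding.UTF8.GetBytes(key));
    }
}
```

Because the key travels with every call, the service endpoint should accept it over HTTPS only, and the key file on the client should be readable only by the account that runs the application.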

comments

nlb6665 wrote Jun 1, 2007 at 2:57 PM

I also realize that this is kind of a big security issue with Windows Forms clients. The service username and password would have to be in the app.config.

Heynemann wrote Jun 12, 2007 at 1:42 PM

Not at all. You could use the Isolated Storage area for the user to keep an encrypted XML file containing the user and password. I'll be doing some work on the Service infrastructure of this project soon. Probably I'll do the services in WCF since it allows for security between parties already.

nlb6665 wrote Sep 10, 2007 at 6:52 PM

Check out the latest release.
