WSE includes a feature to allow username/password authentication for each web call. In WSE this is called the Username token. It works with .Net and most Java clients.
Basic idea is to separate out into distinct web service classes and use a Perimeter Service Router to route calls from third party. WSE 3.0 package is used in this solution. I have a Patterns and Practices guide I referenced in my post also.
Regards
Andre
If this has helped Please: Do not forget to click "Mark as Answer" on the post that helped you.
That way future readers will know which post solved your issue.
Here is an article which explains the whole process fo Implementing Direct Authentication with UsernameToken in WSE 3.0 with code and step by step instructions.
After doing this lab I was able to use the Patterns and Practice book to implement my solution. It was way easier to use WSE 3.0 implementation rather then coding it myself. The lab has a full set of completed code that you can use to base your solution.
If you need more code examples check out the WSE 3.0 site (http://msdn2.microsoft.com/en-ca/webservices/aa740663.aspx) There is also some webcasts on the WSE 3.0 page that might giv
eyou a jumpstart on your design.
If this has helped Please: Do not forget to click "Mark as Answer" on the post that helped you.
That way future readers will know which post solved your issue.
but didn't get any clue how to expose web services to third party....which may on different platform...
What i want to do is
1. I want to create a set of secured web services which I'm planning to expose to all trusted clients
2. The code which will use these webservices needs to pass just the username and password to get authenticated and use the webservice
3. I want to implement this using WSE 3.0
Does anybody have any Idea abt this??
can anybody help me plzzzzz
Thanks in advance !!!
Shekhar
"Trust yourself. You know more than you think you do.”
The idea of using WSE is to have a secure framework for your webservice. Personally when I make a WS available to a 3rd party I establish an agreement between vendor and myself on what web methods I am creating and what expected inputs and return values
to expect. I also provide out information on how to access web service with username and password to access service (as speicifed in username token turnkey solution in WSE 3.0 documentation)
That's pretty much it. All of the solutions I have provided to date are dealing with various .NET systems so if your dealing with a WS that is Java you might want to be careful of which data types you return e.g. datetime. One of the projects at a previous
workplace had problems with this data type so we sent this out as a string and had vendor parse the values out.
I hope above informationis useful for you.
Andre
If this has helped Please: Do not forget to click "Mark as Answer" on the post that helped you.
That way future readers will know which post solved your issue.
Can I use WSE to authenticate web services like soap authentication in which client needs to add just the web reference to the web service and pass the user name an password in url?
I'll really appreciate your efforts if you could help me?
Thanks & Regards,
Shekhar
WSWeb Services"web Service" relatve urlWSE 3.0Web Serviceb propertyWSE 3.0 Security web Serviceswsdl xml xsdweb Service xml
"Trust yourself. You know more than you think you do.”
shekhar_249
Member
136 Points
72 Posts
exposing webmethod to third party
Dec 10, 2007 08:55 AM|LINK
Hi,
We are having a scenario in which we need to publish a web service which has some webmethods.(insert operation).
We need to make this web service available to our business partners. But as this web service will be publicly available how we cane make it secure??
I'm having some options as:
1. Pass the username and password to WEbmethod and then authenticate the user and return data
2. Use WSE (dont have too much idea abt web service enhancement)
Plz suggest me the good option to implement this web service.....
Thanks !
Chandrashekhar Muradnar
Team Lead
PUNE INDIA
RogerRabbit
Participant
1540 Points
247 Posts
Re: exposing webmethod to third party
Dec 10, 2007 05:03 PM|LINK
WSE includes a feature to allow username/password authentication for each web call. In WSE this is called the Username token. It works with .Net and most Java clients.
aramkiss
Member
114 Points
27 Posts
Re: exposing webmethod to third party
Dec 10, 2007 08:25 PM|LINK
Hi Shekhar,
You might want to look at my answer from a previous post http://forums.asp.net/t/1189924.aspx
Basic idea is to separate out into distinct web service classes and use a Perimeter Service Router to route calls from third party. WSE 3.0 package is used in this solution. I have a Patterns and Practices guide I referenced in my post also.
Regards
Andre
That way future readers will know which post solved your issue.
shekhar_249
Member
136 Points
72 Posts
Re: exposing webmethod to third party
Dec 11, 2007 05:18 AM|LINK
hey !
i saw the articles...
but its quite difficult to understand....
It could be better if we have some working code as guideline...
Thanks Andre
Chandrashekhar Muradnar
Team Lead
PUNE INDIA
oalabdullah
Member
242 Points
46 Posts
Re: exposing webmethod to third party
Dec 11, 2007 07:06 AM|LINK
Here is an article which explains the whole process fo Implementing Direct Authentication with UsernameToken in WSE 3.0 with code and step by step instructions.
http://msdn2.microsoft.com/en-us/library/aa480575.aspx
aramkiss
Member
114 Points
27 Posts
Re: exposing webmethod to third party
Dec 11, 2007 01:08 PM|LINK
Hey Shekhar,
I initially learned WSE 3.0 by using the Web Services Enhancements 3.0 Hands On Lab - Exploring Security (http://www.microsoft.com/downloads/details.aspx?familyid=9acd1f8e-97e2-43e2-b484-a74a014a8206&displaylang=en).
After doing this lab I was able to use the Patterns and Practice book to implement my solution. It was way easier to use WSE 3.0 implementation rather then coding it myself. The lab has a full set of completed code that you can use to base your solution. If you need more code examples check out the WSE 3.0 site (http://msdn2.microsoft.com/en-ca/webservices/aa740663.aspx) There is also some webcasts on the WSE 3.0 page that might giv eyou a jumpstart on your design.
BTW you need to download WSE 3.0 (http://www.microsoft.com/downloads/details.aspx?FamilyId=018A09FD-3A74-43C5-8EC1-8D789091255D&displaylang=en) and install it along with Visual Studio .NET 2005.
Good Luck
Andre
That way future readers will know which post solved your issue.
shekhar_249
Member
136 Points
72 Posts
Re: exposing webmethod to third party
Dec 13, 2007 06:38 AM|LINK
hey Andre !
thanks for the links....
I have started with Hands on lab.. its quit interesting :)
Chandrashekhar Muradnar
Team Lead
PUNE INDIA
shekhar_249
Member
136 Points
72 Posts
Re: exposing webmethod to third party
Jan 10, 2008 10:30 AM|LINK
I tried this also..
but didn't get any clue how to expose web services to third party....which may on different platform...
What i want to do is
1. I want to create a set of secured web services which I'm planning to expose to all trusted clients
2. The code which will use these webservices needs to pass just the username and password to get authenticated and use the webservice
3. I want to implement this using WSE 3.0
Does anybody have any Idea abt this??
can anybody help me plzzzzz
Thanks in advance !!!
Shekhar
Chandrashekhar Muradnar
Team Lead
PUNE INDIA
aramkiss
Member
114 Points
27 Posts
Re: exposing webmethod to third party
Jan 10, 2008 01:43 PM|LINK
Hi Shekar,
The idea of using WSE is to have a secure framework for your webservice. Personally when I make a WS available to a 3rd party I establish an agreement between vendor and myself on what web methods I am creating and what expected inputs and return values to expect. I also provide out information on how to access web service with username and password to access service (as speicifed in username token turnkey solution in WSE 3.0 documentation)
That's pretty much it. All of the solutions I have provided to date are dealing with various .NET systems so if your dealing with a WS that is Java you might want to be careful of which data types you return e.g. datetime. One of the projects at a previous workplace had problems with this data type so we sent this out as a string and had vendor parse the values out.
I hope above informationis useful for you.
Andre
That way future readers will know which post solved your issue.
shekhar_249
Member
136 Points
72 Posts
Re: exposing webmethod to third party
Jan 11, 2008 08:26 AM|LINK
Can I use WSE to authenticate web services like soap authentication in which client needs to add just the web reference to the web service and pass the user name an password in url?
I'll really appreciate your efforts if you could help me?
Thanks & Regards,
Shekhar
WS Web Services "web Service" relatve url WSE 3.0 Web Serviceb property WSE 3.0 Security web Services wsdl xml xsd web Service xml
Chandrashekhar Muradnar
Team Lead
PUNE INDIA