Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Jan 11, 2008 05:33 PM by aramkiss
Dec 10, 2007 08:55 AM|LINK
We are having a scenario in which we need to publish a web service which has some webmethods.(insert operation).
We need to make this web service available to our business partners. But as this web service will be publicly available how we cane make it secure??
I'm having some options as:
1. Pass the username and password to WEbmethod and then authenticate the user and return data
2. Use WSE (dont have too much idea abt web service enhancement)
Plz suggest me the good option to implement this web service.....
Dec 10, 2007 05:03 PM|LINK
WSE includes a feature to allow username/password authentication for each web call. In WSE this is called the Username token. It works with .Net and most Java clients.
Dec 10, 2007 08:25 PM|LINK
You might want to look at my answer from a previous post
Basic idea is to separate out into distinct web service classes and use a Perimeter Service Router to route calls from third party. WSE 3.0 package is used in this solution. I have a Patterns and Practices guide I referenced in my post also.
Dec 11, 2007 05:18 AM|LINK
i saw the articles...
but its quite difficult to understand....
It could be better if we have some working code as guideline...
Dec 11, 2007 07:06 AM|LINK
Here is an article which explains the whole process fo Implementing Direct Authentication with UsernameToken in WSE 3.0 with code and step by step instructions.
Dec 11, 2007 01:08 PM|LINK
I initially learned WSE 3.0 by using the Web Services Enhancements 3.0 Hands On Lab - Exploring Security (http://www.microsoft.com/downloads/details.aspx?familyid=9acd1f8e-97e2-43e2-b484-a74a014a8206&displaylang=en).
After doing this lab I was able to use the Patterns and Practice book to implement my solution. It was way easier to use WSE 3.0 implementation rather then coding it myself. The lab has a full set of completed code that you can use to base your solution.
If you need more code examples check out the WSE 3.0 site (http://msdn2.microsoft.com/en-ca/webservices/aa740663.aspx) There is also some webcasts on the WSE 3.0 page that might giv
eyou a jumpstart on your design.
BTW you need to download WSE 3.0 (http://www.microsoft.com/downloads/details.aspx?FamilyId=018A09FD-3A74-43C5-8EC1-8D789091255D&displaylang=en) and
install it along with Visual Studio .NET 2005.
Dec 13, 2007 06:38 AM|LINK
hey Andre !
thanks for the links....
I have started with Hands on lab.. its quit interesting :)
Jan 10, 2008 10:30 AM|LINK
I tried this also..
but didn't get any clue how to expose web services to third party....which may on different platform...
What i want to do is
1. I want to create a set of secured web services which I'm planning to expose to all trusted clients
2. The code which will use these webservices needs to pass just the username and password to get authenticated and use the webservice
3. I want to implement this using WSE 3.0
Does anybody have any Idea abt this??
can anybody help me plzzzzz
Thanks in advance !!!
Jan 10, 2008 01:43 PM|LINK
The idea of using WSE is to have a secure framework for your webservice. Personally when I make a WS available to a 3rd party I establish an agreement between vendor and myself on what web methods I am creating and what expected inputs and return values
to expect. I also provide out information on how to access web service with username and password to access service (as speicifed in username token turnkey solution in WSE 3.0 documentation)
That's pretty much it. All of the solutions I have provided to date are dealing with various .NET systems so if your dealing with a WS that is Java you might want to be careful of which data types you return e.g. datetime. One of the projects at a previous
workplace had problems with this data type so we sent this out as a string and had vendor parse the values out.
I hope above informationis useful for you.
Jan 11, 2008 08:26 AM|LINK
Can I use WSE to authenticate web services like soap authentication in which client needs to add just the web reference to the web service and pass the user name an password in url?
I'll really appreciate your efforts if you could help me?
Thanks & Regards,
"web Service" relatve url
Web Serviceb property
WSE 3.0 Security web Services
wsdl xml xsd
web Service xml