Hi,
I'm looking for a good method of setting up a secure conversation between a
desktop client app and a webservice. The scenario is:

- LOTS of clients
- very small packets (<1K) sent frequently (up to 10 per min)
- Client app will run for long periods
- Want to ensure minimal server load
- IIS/.NET 2.0/XML/SQL Server server app.
- .NET 2.0 client app

I thought that perhaps the client could initially contact the server via
https upon startup, send a ClientID, get a new encryption key, then use that
for all subsequent communication. i.e. encrypt an XML document and pass it
back as a string param, along with the ClientID (so the server can decrypt
the XML).

This is where I find out there's an easy way Hopefully

Hi Bill,

Yes, the approach that "client and server exchange a secured key and use
that key for encrypted data transmit" is a common districuted security
approach. Acutally, if your client and server are all built upon .net
framework 2.0, you can implement such secure channel quite convenient
through the "Web Service Enhancement"(WSE) add-on component. And for .net
framework 2.0, the WSE 3.0 is the matched one, you can find many
information about WSE in the WSE center:

#Web Services Enhancements (WSE)
http://msdn2.microsoft.com/en-us/web.../Aa740663.aspx

You can also find many articles or hand-on labs about implementing
webservice security through WSE:

#Security Features in WSE 3.0
http://msdn.microsoft.com/msdnmag/is...ecurityBriefs/

#Web Services Enhancements 3.0 Hands On Lab - Exploring Security
http://www.microsoft.com/downloads/d...f8e-97e2-43e2-
b484-a74a014a8206&displaylang=en

or the offline document also contains many samples.

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.



--------------------

Hi Bill,

Have you got any further ideas or do you still have any questions on this?
If so, please don't hesitate to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------