HighTechTalks DotNet Forums  

Re: StrongNameIdentityPermission and Web Services

Go Back HighTechTalks DotNet Forums Dotnet Dotnet Security Re: StrongNameIdentityPermission and Web Services

Dotnet Security microsoft.public.dotnet.security


Discuss Re: StrongNameIdentityPermission and Web Services in the Dotnet Security forum.



Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old   
Dominick Baier [DevelopMentor]
 
Posts: n/a

Default Re: StrongNameIdentityPermission and Web Services - 03-06-2005 , 02:43 AM





well - no built in way, at least.

you could pass the information manually in a header or a parameter. You then have to make sure noone can tamper with your packets on the wire.

you could accomplish this by using SSL - or message level security, aka WS:Security as provided in the WSE2 toolkit.



---
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

nntp://news.microsoft.com/microsoft.public.dotnet.security/<uq4MOLhIFHA.2736 (AT) TK2MSFTNGP09 (DOT) phx.gbl>

There is no way (AFAIK) to pass that strong name information across the wire
in a secure manner that guarantees no one else can spoof it. This is
speaking strictly from the servers/web service perspective. (ie. cannot
simply declare/apply an attribute)

You would need to use a combination of client and server interaction and by
this something like certificates, credentials etc... something which only
your strong named assembly can acquire, and then your service can determine
whether to allow acess. The WSE2 library can help here.

--

- Paul Glavich
ASP.NET MVP
ASPInsider (www.aspinsiders.com)


"Henrik Skak Pedersen" <notavailable (AT) nothing (DOT) com> wrote

Quote:
Hello,

I would like to make sure that my web service only can be called from my
strong name assembly. But I get a SoapException when I try to call a web
method with the StrongNameIdentityPermissionAttribute set. So I guess that
that there are problems using this attribute when I am calling a web
service. It works fine when I call a Windows library.

What else can I do?

The application has to run on multiple machines so I can't bind it to a
specifiic machine.

Best regards

Henrik Skak Pedersen.


[microsoft.public.dotnet.security]


Reply With Quote
Reply

« Previous Thread | Next Thread »



Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.


Contact Us - HighTechTalks DotNet Forums - Archive - Top