|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
StrongNameIdentityPermission and Web ServicesHello,
I would like to make sure that my web service only can be called from my strong name assembly. But I get a SoapException when I try to call a web method with the StrongNameIdentityPermissionAttribute set. So I guess that that there are problems using this attribute when I am calling a web service. It works fine when I call a Windows library. What else can I do? The application has to run on multiple machines so I can't bind it to a specifiic machine. Best regards Henrik Skak Pedersen. There is no way (AFAIK) to pass that strong name information across the wire
in a secure manner that guarantees no one else can spoof it. This is speaking strictly from the servers/web service perspective. (ie. cannot simply declare/apply an attribute) You would need to use a combination of client and server interaction and by this something like certificates, credentials etc... something which only your strong named assembly can acquire, and then your service can determine whether to allow acess. The WSE2 library can help here. Show quoteHide quote "Henrik Skak Pedersen" <notavaila***@nothing.com> wrote in message news:OqyKW$cIFHA.2752@TK2MSFTNGP12.phx.gbl... > Hello, > > I would like to make sure that my web service only can be called from my > strong name assembly. But I get a SoapException when I try to call a web > method with the StrongNameIdentityPermissionAttribute set. So I guess that > that there are problems using this attribute when I am calling a web > service. It works fine when I call a Windows library. > > What else can I do? > > The application has to run on multiple machines so I can't bind it to a > specifiic machine. > > Best regards > > Henrik Skak Pedersen. > > That was a shame, but thank you for your reply.
Show quoteHide quote "Paul Glavich [MVP ASP.NET]" <g***@aspalliane.com-NOSPAM> wrote in message news:uq4MOLhIFHA.2736@TK2MSFTNGP09.phx.gbl... > There is no way (AFAIK) to pass that strong name information across the > wire > in a secure manner that guarantees no one else can spoof it. This is > speaking strictly from the servers/web service perspective. (ie. cannot > simply declare/apply an attribute) > > You would need to use a combination of client and server interaction and > by > this something like certificates, credentials etc... something which only > your strong named assembly can acquire, and then your service can > determine > whether to allow acess. The WSE2 library can help here. > > -- > > - Paul Glavich > ASP.NET MVP > ASPInsider (www.aspinsiders.com) > > > "Henrik Skak Pedersen" <notavaila***@nothing.com> wrote in message > news:OqyKW$cIFHA.2752@TK2MSFTNGP12.phx.gbl... >> Hello, >> >> I would like to make sure that my web service only can be called from my >> strong name assembly. But I get a SoapException when I try to call a web >> method with the StrongNameIdentityPermissionAttribute set. So I guess >> that >> that there are problems using this attribute when I am calling a web >> service. It works fine when I call a Windows library. >> >> What else can I do? >> >> The application has to run on multiple machines so I can't bind it to a >> specifiic machine. >> >> Best regards >> >> Henrik Skak Pedersen. >> >> > > 
Thread options
Other interesting topics
Assembly.Load fails after assembly preloaded using Assembly.LoadFrom (v1.1.4322)
IIS Authentication Problem? Active Directory Machine Account Permissions AddDomain with FullTrust DESCryptoServiceProvider Authentication/Impersonation Inconsistency SignedXml fails under .NET 2.0 Beta Encrypting data using System.Security.Cryptography/ Decrypting w/PGP Assymetric Encryption - Interorperability between Java2, .NET and Openssl Help on Data Security choice ? |
|||||||||||||||||||||||
