Redian新闻
>
Anyone has experience about security in soap?
avatar
Anyone has experience about security in soap?# XML - WWW明日之星
s*k
1
Using MS Soap ToolKit
Is there a way to control access right on the soap server
besides basic authentication?
would form based authentication works say with a cookie?
thx
avatar
a*a
2
ok, I'm throwing my 2 cents here but be aware that I haven't
used SOAP toolkit yet:) - I am using VS.NET.
There are a few choices for security in web service (the
only thing I know about currntly):
1. NTLM - .NET Framework has an API called
User.IsInRole("domainname")..
2. Form based authentication - passing cookies around (which
you were thinking)
3. soap header - pass your username/password in soap
headers..
I only know about these ideas, never written any code on
these;)

【在 s***k 的大作中提到】
: Using MS Soap ToolKit
: Is there a way to control access right on the soap server
: besides basic authentication?
: would form based authentication works say with a cookie?
: thx

avatar
s*k
3

Thanks acutally i know the last 2, but would like to know
where .NET is headed in the context of SOAP security, would
really like someone from inside to make some insightful comment
can u describe the first option in a bit more detail?
user is from passport service? and role acl is at domain level?

【在 a*****a 的大作中提到】
: ok, I'm throwing my 2 cents here but be aware that I haven't
: used SOAP toolkit yet:) - I am using VS.NET.
: There are a few choices for security in web service (the
: only thing I know about currntly):
: 1. NTLM - .NET Framework has an API called
: User.IsInRole("domainname")..
: 2. Form based authentication - passing cookies around (which
: you were thinking)
: 3. soap header - pass your username/password in soap
: headers..

avatar
a*a
4

I can't comment on SOAP security about .NET.. since I know
nothing:)
1st option: role is at domain level.
If you intend to use your app on WWW, you need to check with
Passport SDK. (www.passport.com)..

【在 s***k 的大作中提到】
:
: Thanks acutally i know the last 2, but would like to know
: where .NET is headed in the context of SOAP security, would
: really like someone from inside to make some insightful comment
: can u describe the first option in a bit more detail?
: user is from passport service? and role acl is at domain level?

相关阅读
logo
联系我们隐私协议©2024 redian.news
Redian新闻
Redian.news刊载任何文章,不代表同意其说法或描述,仅为提供更多信息,也不构成任何建议。文章信息的合法性及真实性由其作者负责,与Redian.news及其运营公司无关。欢迎投稿,如发现稿件侵权,或作者不愿在本网发表文章,请版权拥有者通知本网处理。