|
|
|
date: Mon, 12 Nov 2007 13:57:01 -0800,
group: microsoft.public.dotnet.distributed_apps
back
RE: Secure comms
Hi Bill,
Yes, the approach that "client and server exchange a secured key and use
that key for encrypted data transmit" is a common districuted security
approach. Acutally, if your client and server are all built upon .net
framework 2.0, you can implement such secure channel quite convenient
through the "Web Service Enhancement"(WSE) add-on component. And for .net
framework 2.0, the WSE 3.0 is the matched one, you can find many
information about WSE in the WSE center:
#Web Services Enhancements (WSE)
http://msdn2.microsoft.com/en-us/webservices/Aa740663.aspx
You can also find many articles or hand-on labs about implementing
webservice security through WSE:
#Security Features in WSE 3.0
http://msdn.microsoft.com/msdnmag/issues/05/11/SecurityBriefs/
#Web Services Enhancements 3.0 Hands On Lab - Exploring Security
http://www.microsoft.com/downloads/details.aspx?familyid=9acd1f8e-97e2-43e2-
b484-a74a014a8206&displaylang=en
or the offline document also contains many samples.
Hope this helps.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: =?Utf-8?B?QmlsbEF0V29yaw==?= <BillAtWork@nospam.nospam>
>Subject: Secure comms
>Date: Mon, 12 Nov 2007 13:57:01 -0800
>
>Hi,
>I'm looking for a good method of setting up a secure conversation between
a
>desktop client app and a webservice. The scenario is:
>
>- LOTS of clients
>- very small packets (<1K) sent frequently (up to 10 per min)
>- Client app will run for long periods
>- Want to ensure minimal server load
>- IIS/.NET 2.0/XML/SQL Server server app.
>- .NET 2.0 client app
>
>I thought that perhaps the client could initially contact the server via
>https upon startup, send a ClientID, get a new encryption key, then use
that
>for all subsequent communication. i.e. encrypt an XML document and pass it
>back as a string param, along with the ClientID (so the server can decrypt
>the XML).
>
>This is where I find out there's an easy way :) Hopefully :)
>
date: Tue, 13 Nov 2007 03:41:15 GMT
author: (Steven Cheng[MSFT])
RE: Secure comms
Hi Bill,
Have you got any further ideas or do you still have any questions on this?
If so, please don't hesitate to post here.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: stcheng@online.microsoft.com (Steven Cheng[MSFT])
>Organization: Microsoft
>Date: Tue, 13 Nov 2007 03:41:15 GMT
>Subject: RE: Secure comms
>
>Hi Bill,
>
>Yes, the approach that "client and server exchange a secured key and use
>that key for encrypted data transmit" is a common districuted security
>approach. Acutally, if your client and server are all built upon .net
>framework 2.0, you can implement such secure channel quite convenient
>through the "Web Service Enhancement"(WSE) add-on component. And for .net
>framework 2.0, the WSE 3.0 is the matched one, you can find many
>information about WSE in the WSE center:
>
>#Web Services Enhancements (WSE)
>http://msdn2.microsoft.com/en-us/webservices/Aa740663.aspx
>
>You can also find many articles or hand-on labs about implementing
>webservice security through WSE:
>
>#Security Features in WSE 3.0
>http://msdn.microsoft.com/msdnmag/issues/05/11/SecurityBriefs/
>
>#Web Services Enhancements 3.0 Hands On Lab - Exploring Security
>http://www.microsoft.com/downloads/details.aspx?familyid=9acd1f8e-97e2-43e2
-
>b484-a74a014a8206&displaylang=en
>
>or the offline document also contains many samples.
>
>Hope this helps.
>
>Sincerely,
>
>Steven Cheng
>
>Microsoft MSDN Online Support Lead
>
>
>
>==================================================
>
>Get notification to my posts through email? Please refer to
>http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#noti
f
>ications.
>
>
>
>Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
>where an initial response from the community or a Microsoft Support
>Engineer within 1 business day is acceptable. Please note that each follow
>up response may take approximately 2 business days as the support
>professional working with you may need further investigation to reach the
>most efficient resolution. The offering is not appropriate for situations
>that require urgent, real-time or phone-based interactions or complex
>project analysis and dump analysis issues. Issues of this nature are best
>handled working with a dedicated Microsoft Support Engineer by contacting
>Microsoft Customer Support Services (CSS) at
>http://msdn.microsoft.com/subscriptions/support/default.aspx.
>
>==================================================
>
>
>This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
date: Thu, 15 Nov 2007 09:58:08 GMT
author: (Steven Cheng[MSFT])
|
|
