0

WS-I thinghies

So we have Nfftiws (the web service that deals with Users). We can call the GetUser method by passing email and password and get all the user’s info and…

Now wait a second. Passing email and password to a web service? Using SOAP? On the public internet?

You have to be quite brave to do that…

So, what can we do to avoid snooping, spoofing and general bad things happen to our web service? Luckily there’s an industry-wide effort going on to attack these issues called WS-I. There are cross platform protocols for security, authentication, encryption, etc… Microsoft’s implementation of these set of protocols is provided by WSE 2.0 (now in technical preview stage).

Once you download and install it, you have a new entry in the pop up menu that comes out when you right click on a project, where you can enable WSE and set a lot of other options.

There is a big downside. The documentation is… uhm… how can I say this in a nice way… lacking? 🙂

So I had to dig deep into Google and finally got a series of pages that, while none of them was complete, gave me a general idea on how to use WSE for my project…

Leave a Reply

Your email address will not be published. Required fields are marked *