WSE 3.0 Security

Hot Topic

override the built-in function
Attempted to read or write protected memory?
Problem using email to initiate workflow
Second Workflow email failing
problem with low-level file creation
SPListItem.moveTo() throws an exception
KPI List Items Indicator Styles
Error when importing application definition file having Comparison FilterDescriptor
Need suggestion.....................
browser-enabled form template???

SharePoint Products

Stored procedure vs standard query
Create Web Parts Using VS Express 2005 ?
Help for PDA
Routing Messages synchronously to services
Design consulting
Installing SPS 2007
WSRP or "remote webparts"
sometimes i can break through code in vs2005 to debug a site
JobObjects and Permissions
Custom Site column Column using Feature in MOSS

WSE 3.0 Security

Hi All,

I am developing a prototype which requires usernametoken to be stored once the client is authenticated.

The client will call webservice after a secure authentication using WSE 3.0, from then onwards I want this token to be used to call other webservices also.

The scenario is something like this, -

Client calls WS-A. WS-A authenticates using usernametoken. Client gets confirmation and subsequent calls to WS-B, WS-C shouldn't be asked for authentication. Meaning after WS-A's form based authentication, the subsequent calls to WS-B, WS-C should be also automatically secured and webmethods should be allowed to be executed.

Can we share a UsernameToken after authentication. Can someone shed some light in this scenario.

One way I think is if we serialize the usernametoken in someway on server/database then the other WS-B / WS-C can understand the same client call by acknowleging the usernametoken which was serialized in database/filesystem.

Could you share your experiences here.

thanks.

Paresh.

Answer this question

WSE 3.0 Security

  • Jennifer Lai

    It sounds like what you want is to implement a Security Token Service (STS) in WSE that your clients and webservices share for authentication so that they can share security tokens.

    Here you'll find detailed information on using the STS functionality in WSE:
    http://msdn.microsoft.com/webservices/webservices/building/wse/default.aspx pull=/library/en-us/dnpag2/html/wss_ch1_brokauthsts.asp

    There's also an STS implementation based on SAML tokens for WSE 3.0 on gotdotnet:
    http://www.gotdotnet.com/codegallery/codegallery.aspx id=8da852b9-2c0d-4eb7-a2de-77222a4075f6



  • Cute_Celina

    You can also pass the credentials to the other webservices. The webservice has an standard attribute credentials

  • search and deploy

    thanks Thomas,

    I was looking in the same direction. I will get back to you after looking at this mentioned url and application.

    thanks very much for the prompt and very good answer.

    -Paresh
  • WSE 3.0 Security
Answer this question