There is a set of standards for secure web services. More information can be found here:
http://schemas.xmlsoap.org/specs/ws-security/ws-security.htm Larry Hiscock Western Computer Services -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of David Jordan Sent: Monday, June 08, 2009 10:41 PM To: U2 Users List Subject: Re: [U2] Web services In .Net, the web services is able to identify the call with directory services which is good in a microsoft intranet situation. I believe it can identify windows live ID for an internet solution. But all these facilities are unavailable in web services developer. Web services are great, but there is nothing stopping unauthorized applications from calling a web service. It is not an issue if you are asking for weather details, but more sensitive stuff such as payroll, you want to restrict who has access to what information. The only way I can think of doing this with U2 web services developer, is to make it an Https web service and have to pass the username and password down as a string. Although, I don't think there is a way to use the password to validate that the user is who they say they are. The advantage with web services, is that setting up IIS on server to run .Net Web Services can create concerns on client sites, where the U2 web service is seen as less of an exposure. Regards David Jordan _______________________________________________ U2-Users mailing list [email protected] http://listserver.u2ug.org/mailman/listinfo/u2-users _______________________________________________ U2-Users mailing list [email protected] http://listserver.u2ug.org/mailman/listinfo/u2-users
