CXF-de'per wrote:
> 
> When I use the "PasswordDigest", I am able to encrypt the password. My
> requirement is: how do I let the server side (.NET web service) know
> what algorithm I am using for encryption?
> 

I don't know, but I think you might have it backwards--namely, you would
need to encrypt the password in the same manner that the MS server does.  If
I understand correctly, servers normally do not store passwords in cleartext
but after using a one-way encryption mechanism--when a cleartext password
comes in they apply the same one-way mechanism and compare against the value
in the data store.

If you use the same hashing mechanism as the server's, it can compare your
"skldfjh" with the "skldfjh" in the database and then validate that it's a
match.

Perhaps you might alternatively wish to send the password in non-digest
form, but encrypt the message as a whole (including the password) using
transport-level SSL instead.  Security-wise, it would be very similar to
typing in the password on an SSL-encrypted web page--the server will apply
its encryption algorithm on your plain password and do its normal
comparison.

Glen

-- 
View this message in context: 
http://www.nabble.com/%3Centry-key%3D%22passwordType%22-value%3D%22PasswordDigest%22--%3E-follows-which-algorithm--to-encrypt-tp19416347p19418563.html
Sent from the cxf-user mailing list archive at Nabble.com.
