This project is read-only.

Security example request

Topics: Technical Questions, Usage Scenarios
Jun 23, 2009 at 6:15 PM

Hi,

I have an external secure service available (https://server.com/service.svc) and I've been unable to expose it internally and is suspecting binding configuration. Importing from the service endpoint works fine, a binding with secure transportation is generated, but I would love some guidance on exposing it to the clients - that is endpoint and server configuration. The authentication is done in the soap header, so the security example doesn't cover it.

The more hands on the help, the happier I'll be :).

Brgds
Henrik

 

Jun 24, 2009 at 4:29 AM

Have you also looked through the Security Guide and associated source code?  This provides quite a bit more information and sample code beyond what the Security Walkthrough includes.

It sounds like your service implementation is expecting special soap headers to perform authentication of a caller.  Are you planning to inject this header within the MSE layer or are you expecting the consumer to submit the headers to the MSE hosted endpoint and have the MSE flow the header through to your implementation?  Both would be possible with pros/cons for each.