Web Service
Páginas: 23 (5666 palabras)
Publicado: 17 de abril de 2012
Securing Web Services with Visual Basic 6.0 and MS SOAP Toolkit 2.0
Zoran Zaev
This month, Zoran Zaev shows you how to secure your web services by implementing transport level authentication with Visual Basic. Then, he calls the web services from Visual Basic, VBScript/ASP, and PERL. Finally, he implements transport level SSL encryption to the web services used in his examples.
By now,you’ve probably heard quite a bit about web services and how to build web services in your favorite environment. If you haven’t, make sure you check some of our past issues for the introductory coverage on web services as well as specific advice on implementing web services in various programming languages and platforms.
As you start thinking of actually deploying your web services inproduction, an essential question comes into your attention: how can I make sure that my web services are secure? Even more so, perhaps you have already deployed your web service and have only glanced over the topic of security. Or, maybe your web service was deployed in an internal environment where you didn’t think much security is necessary. In any of these situations, you will likely want to look intohow you can apply enough security for your web service, such that misuse or malicious use is prevented.
In this article, I’ll talk a lot about web services security, but let’s first clearly state what I will and will not cover. Security is a complex subject and I will need much more then one article to cover all of the important security aspects as it relates to web services. When you areimplementing security to a system or an application, you have to take an integrated approach and examine all of the components in your system, all of your applications, and modules, but also your business policies and processes.
Systems or application security itself, consists of distinctive areas of concern, such as authentication, authorization, auditing and logging, integrity and encryption,privacy and encryption, nonrepudiation (not rejecting that an agreement was actually signed) and digital signatures, and the often left out topic of availability with tasks such as load balancing, failover, and backup. Web security in particular, can be addressed at two different levels: at the transport level, such as the level of HTTP, and at the application level, such as at the level of SOAPmessages. As you can see, security is a large topic. Therefore, for the purposes of this article, I’ll particularly focus on authentication, and briefly touch upon encryption. Furthermore, I’ll cover transport level security, and HTTP in particular. I’ll use Visual Basic 6.0 and MS SOAP Toolkit 2.0 in the examples shown in this article. In one of the following issues, I’ll look at implementing webservices security with Microsoft’s new .NET platform. Visual Basic 6 and COM+ system are so numerous and they will very likely be out there for quite some time.
Getting Started With A Sample Web Service
I will use a sample web service that I had created for the October 2001 issue of XML Developer and show you how to add security to it. This web service was created with Visual Basic 6.0 and usingthe MS SOAP Toolkit 2.0. This sample web service is a job submittal service, part of a sample Job Bank system. Partners will be allowed to submit new job postings to this web service. You can easily image that companies that host job banks could easily use this kind of a service to which other companies could submit new job postings. I said in the October 2001 issue that in a real world scenario,this web service will likely be more complex, and security will be applied, so that not everybody can submit a new job posting.
Before we get started, make sure that you have the necessary software. If you don’t have the MS SOAP Toolkit 2.0, you would have to obtain it from http://msdn.microsoft.com/webservices/ and install it on your computer. I built this web service on a Windows 2000...
Zoran Zaev
This month, Zoran Zaev shows you how to secure your web services by implementing transport level authentication with Visual Basic. Then, he calls the web services from Visual Basic, VBScript/ASP, and PERL. Finally, he implements transport level SSL encryption to the web services used in his examples.
By now,you’ve probably heard quite a bit about web services and how to build web services in your favorite environment. If you haven’t, make sure you check some of our past issues for the introductory coverage on web services as well as specific advice on implementing web services in various programming languages and platforms.
As you start thinking of actually deploying your web services inproduction, an essential question comes into your attention: how can I make sure that my web services are secure? Even more so, perhaps you have already deployed your web service and have only glanced over the topic of security. Or, maybe your web service was deployed in an internal environment where you didn’t think much security is necessary. In any of these situations, you will likely want to look intohow you can apply enough security for your web service, such that misuse or malicious use is prevented.
In this article, I’ll talk a lot about web services security, but let’s first clearly state what I will and will not cover. Security is a complex subject and I will need much more then one article to cover all of the important security aspects as it relates to web services. When you areimplementing security to a system or an application, you have to take an integrated approach and examine all of the components in your system, all of your applications, and modules, but also your business policies and processes.
Systems or application security itself, consists of distinctive areas of concern, such as authentication, authorization, auditing and logging, integrity and encryption,privacy and encryption, nonrepudiation (not rejecting that an agreement was actually signed) and digital signatures, and the often left out topic of availability with tasks such as load balancing, failover, and backup. Web security in particular, can be addressed at two different levels: at the transport level, such as the level of HTTP, and at the application level, such as at the level of SOAPmessages. As you can see, security is a large topic. Therefore, for the purposes of this article, I’ll particularly focus on authentication, and briefly touch upon encryption. Furthermore, I’ll cover transport level security, and HTTP in particular. I’ll use Visual Basic 6.0 and MS SOAP Toolkit 2.0 in the examples shown in this article. In one of the following issues, I’ll look at implementing webservices security with Microsoft’s new .NET platform. Visual Basic 6 and COM+ system are so numerous and they will very likely be out there for quite some time.
Getting Started With A Sample Web Service
I will use a sample web service that I had created for the October 2001 issue of XML Developer and show you how to add security to it. This web service was created with Visual Basic 6.0 and usingthe MS SOAP Toolkit 2.0. This sample web service is a job submittal service, part of a sample Job Bank system. Partners will be allowed to submit new job postings to this web service. You can easily image that companies that host job banks could easily use this kind of a service to which other companies could submit new job postings. I said in the October 2001 issue that in a real world scenario,this web service will likely be more complex, and security will be applied, so that not everybody can submit a new job posting.
Before we get started, make sure that you have the necessary software. If you don’t have the MS SOAP Toolkit 2.0, you would have to obtain it from http://msdn.microsoft.com/webservices/ and install it on your computer. I built this web service on a Windows 2000...
Leer documento completo
Regístrate para leer el documento completo.