O'Reilly logo

Real World XML Web Services: For VB and VB .NET Developers by Yasser Shohoud

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

10.3. Authorization SOAP Extension

The WS-Security specification defines standards for using SOAP headers to communicate credentials, digitally sign and encrypt messages. In most cases, you're still pretty much on your own for implementing authorization (controlling access to resources based on user credentials).

Usually, authentication and authorization are insufficient because they don't protect your service from threats such as compromised data integrity/confidentiality or replay attacks. If you are transmitting sensitive data, you're also likely to need digital signature and encryption mechanisms. Although you can use SSL for data encryption, WS-Security recommends XML Signature and XML Encryption to digitally sign and encrypt SOAP messages. ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required