Mastering Web Services Security, part 3

and ePortal then obtains a list of products and prices in the e-commerce domain, using getProducts and getPrice. The customer then places an order for the products against their account, which ePortal requests from , using placeOrder.

Getting Started with Web Services Security 67

Cryptography

All network traffic between browser and ePortal and between ePortal and eBusiness is protected by SSL. Consequently, clients are required to access the Web servers via HTTPS, defaulting to port 443, which encrypts all message traffic. To enforce this requirement, the IIS Web servers on both ePortal and eBusiness need to be configured to require a secure channel when accessing any resource. This requirement is part of the Secure Communications dialog box used during IIS setup. The SSL connections will enforce our message confidentiality and integrity requirements.

Authentication

We use HTTP basic authentication in our scenario, since this type of authentication is built into the Microsoft environment and is easy to configure. Customers, members, and staff all have individual usernames and passwords and are required to log in before accessing protected resources. These users are all recognized as Windows users and are mapped to Windows operating system (OS) user accounts. Visitors to the site are permitted to access unprotected resources using anonymous access; these users are not required to log in. The Authentication Methods dialog box of IIS is used to define these requirements and is discussed further in Chapter 8.

Using HTTP basic authentication by itself would expose passwords on the Internet. By using basic authentication in conjunction with SSL, we ensure that the passwords are protected from snooping as they travel over the network. In this example, IIS on ePortal does not actually perform a password authentication check but simply impersonates the user and forwards the username and password on to eBusiness. The configuration file on eBusiness is set up to use an authentication mode of Windows, which means that Web Services will use the authentication performed by the IIS Web server on eBusiness.

Authorization

To protect our StoreFrontService on eBusiness we use Windows discretionary access control
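
Added example (not from the book): a Python sketch of why the Authentication section pairs basic authentication with SSL. The Basic credential is only base64-encoded, so the server-side check below refuses it on a non-TLS channel, mirroring the "require a secure channel" setting; the function names and the sample user alice are assumptions made for this illustration.

```python
import base64
import binascii


class BasicAuthError(ValueError):
    """Raised when an Authorization header cannot be used."""


def parse_basic(header_value):
    """Return (username, password) from an 'Authorization: Basic ...' value."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise BasicAuthError("not a Basic credential")
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise BasicAuthError("token is not valid base64") from exc
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise BasicAuthError("credentials are not UTF-8") from exc
    # Only the first colon separates the fields; passwords may contain ':'.
    username, sep, password = text.partition(":")
    if not sep or not username:
        raise BasicAuthError("missing username or ':' separator")
    return username, password


def credentials_if_secure(header_value, channel_is_tls):
    """Refuse Basic credentials outright when the request did not arrive over TLS."""
    if not channel_is_tls:
        raise BasicAuthError("Basic credentials refused on a non-TLS channel")
    return parse_basic(header_value)


# Constructed sample: the header a client would send for the hypothetical user 'alice'.
SAMPLE_HEADER = "Basic " + base64.b64encode(b"alice:s3cret:with:colons").decode("ascii")

if __name__ == "__main__":
    # Base64 is an encoding, not encryption: the header alone yields the password.
    print(parse_basic(SAMPLE_HEADER))
    try:
        credentials_if_secure(SAMPLE_HEADER, channel_is_tls=False)
    except BasicAuthError as err:
        print("rejected:", err)
```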
