Reputation: 21231
How do I securly pass user credentials from a server to a client?
My goal is to launch an installation with admin credentials(user with install rights), In order to do this I need to pass these user credentials from a webservice. So the question is What is the most secure way I could pass this data. Keeping in mind the user of the end client is not logged in as an administrator but I would assume has access to the data during transport(ie I cannot count on channel security alone.)
Myclient code would be a vb or C# application talking to an asp.net webservice.
Upvotes: 1
Views: 1059
Answers (2)
Reputation: 1500
Encryption will protect admin credentials during transport from WebService to application memory, as pointed by gedevan.
Do you mean you also want to protect them from the user who launches application? Keep in mind, he is an owner of your process, so with the right tooling and a lot of determination he should be able to extract credentials from process memory.
Upvotes: 1
Reputation: 1303
Using encryption of message body (WS-Encryption) in pair with HTTPS is a quite secured in most cases.
Upvotes: 0
Related Questions
- How to pass user credentials to web service?
- How to pass credentials to a SOAP webservice?
- passing username and password to the server in a secure way
- What is a good way of forwarding credentials within a web environment?
- How to authenticate user while calling a webservice (in ASP.Net)?
- How to call a web service using stored credentials?
- Passing user credentials to a Webservice
- calling web service using current users credentials
- Pass user credentials between SharePoint web application and ASP.NET web application
- How to Send HTTP Auth Credentials to a non .NET WebService