Search Results

Search found 3 results on 1 pages for 'shyneman'.

Page 1/1 | 1 

  • WCF Security Transport Security Questions

    - by shyneman
    I'm writing a set of WCF services that rely on transport security with Windows Authentication using the trusted subsystem model. However, I want to perform authorization based on the original client user that initiated the request (e.g. a user from a website with a username/password). I'm planning to achieve this by adding the original user's credentials in the header before the client sends the message and then the service will use the supplied credentials to authorize the user. So I have a few questions about this implementation: 1) using transport security with windows auth, I do NOT need to worry about again encrypting the passed credentials to ensure the validity... WCF automatically takes care of this - is this correct? 2) how does this implementation prevent a malicious service, running under some windows account within the domain, to send a message tagged with spoofed credentials. for e.g. a malicious service replaces the credentials with an Admin user to do something bad? Thanks for any help.

    Read the article

  • How to Use .NET Assembly from Legacy SQL Server 2000 DTS

    - by shyneman
    Hi All, I have a .NET assembly that needs to be called from a DTS package. There are two options I am considering to get this to work: 1) write a COM-callable wrapper for the .NET assembly and have the VBScript create the COM object to use 2) write a .NET command-line exe that uses that .NET assembly and have the VBScript execute that exe Can anybody comment on the pros/cons of either approach and which is the better way of doing this? If there are other solutions, I'd love to hear them too. Thanks a lot for any input.

    Read the article

  • Application Design: Single vs. Multiple Hits to the DB

    - by shyneman
    I'm building a service that performs a set of configured activities based on the type of request that it receives. Each activity involves going to the database and retrieving/updating some kind of information. The logic for each activity can be generalized and re-used across different request types. The activities may need to participate in a transaction for the duration of the servicing the request. One option, I'm considering is having each activity maintain its own access to DAL/database. This fully encapsulates the activity into a stand-alone re-usable piece, but hitting the database multiple times for one request doesn't seem like a viable option. I don't really know how to easily implement the concept of a transaction across the multiple activities here either. The second option is to encapsulate ALL the activities into one big activity and hit the database once. But this does not allow re-use and configuration of these activities for different requests. Does anyone have any suggestions and input about what should be the best way to approach my problem? Thanks for any help.

    Read the article

1