WebApp Sec mailing list archives

RE: Web app based on .net - best practice?


From: "Calderon, Juan C (CORP, DDEMESIS)" <Juan.Calderon () ddemesis ge com>
Date: Wed, 23 Apr 2003 12:10:46 -0400

****************
I thought it would be a good idea to have the presentation layer (asp)
in a DMZ and the business layer (components in VB and C#) in a safe site
behind a firewall. The communication in between would take place with
RPC calls. 
****************

Well... If you are using .NET, RPC will not be the "correct" approach according to Microsoft, but Web Services. Web
Services are called on an RPC-like basis, that is, inserting a reference in an ASP.NET project will allow you to call
them as if they were part of the project. Besides, .NET Framework 1.1 (or 1.0 plus Web Services Enhancement Pack) provides
WS-Security specification support.

Perhaps you'll find these documents interesting:
"Security in a Web Services World: A Proposed Architecture and Roadmap" 
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwssecur/html/securitywhitepaper.asp (it mentions DMZ)
"Web Services Security" http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetch10.asp

Cheers :)

