I work at a company that wants to create an ecommerce site, offering their product for purchase through the Internet. We are preparing to join the ecommerce site with our internal system.
We have developed our structure and we have different DMZs:
DMZ1 - application server (Server 2008 and Apache)
DMZ2 - business layer web services (Server 2008 and IIS, ASP.NET 2.0)
DMZ3 - partial database (Server 2008 and Sybase). This database will be connected to our internal database.
I omit the details of the configuration of the communication equipment.
Connection mode:
DMZ1 connects to DMZ2, DMZ2 connects to DMZ3, DMZ3 connects with the internal system.
At this moment the web services only accept calls from DMZ1 (PHP application), but in the future the company may offer services to other companies or users. I am investigating how to secure the web services according to my scenario.
How can I use a PHP client to consume Microsoft WSE 2.0 services? I found “WSO2 Web Services Framework for PHP (WSO2 WSF/PHP), is an open source, enterprise grade, PHP extension for providing and consuming Web Services in PHP. WSO2 WSF/PHP is a complete solution for building and deploying Web services, and is the only PHP extension with the widest range of WS-* specification implementations.”
Should I use Microsoft WSE 2.0 services accordingly? If not, what can I use for this?
If this is correct, which WS-* specifications should I use?
Thanks for your time.
My application is an ASP.NET web application which deals with different user logins (user types like Gatekeeper and Pde users).
I am facing one peculiar problem here: a Gatekeeper (login) uploaded a txt document in the application. After the upload, the QA team copied the URL of the uploaded document.
Let's say the URL is: http://localhost/cms/UI/Documents/BoltonCMS11102009112303PM.txt
Now the QA team logs in as a Pde user and pastes the above URL in the Home page; at this moment the uploaded document, that is the txt file, opens, which is a bug. We need to restrict opening that uploaded document.
Instead of a direct link to a file, have a link to a page which takes an id on the query string, uses the id to look up the file, and fails to do so if the permissions check fails. Or write an HTTP Handler for the file type which first checks permissions. I'd go with the former; if you can hide the actual file path, it's harder to hack.
Driven to the arms of OSX by Vista.
Read my blog to find out how I've worked around bugs in Microsoft tools and frameworks.
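The first option from the reply above, sketched as an ASP.NET handler; this is an added example, not code from the thread. The class name, the in-memory document table, the App_Data storage folder and the mapping of the Gatekeeper user type to a role checked with IsInRole are all assumptions.

```csharp
using System.Collections.Generic;
using System.IO;
using System.Web;

// Added example (hypothetical names): back a Download.ashx endpoint with this class.
public class DocumentDownloadHandler : IHttpHandler
{
    // Hypothetical record type; a real application would load this from its database.
    private class DocumentRecord
    {
        public string StoredFileName;
        public string AllowedRole;
    }

    // Constructed sample data: document id -> stored file and the role allowed to read it.
    private static readonly Dictionary<int, DocumentRecord> Documents = CreateSampleDocuments();

    private static Dictionary<int, DocumentRecord> CreateSampleDocuments()
    {
        Dictionary<int, DocumentRecord> docs = new Dictionary<int, DocumentRecord>();
        DocumentRecord sample = new DocumentRecord();
        sample.StoredFileName = "BoltonCMS11102009112303PM.txt";
        sample.AllowedRole = "Gatekeeper";
        docs.Add(1, sample);
        return docs;
    }

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        int id;
        DocumentRecord doc;
        // Unknown or malformed ids get a 404; the id never maps directly to a path.
        if (!int.TryParse(context.Request.QueryString["id"], out id) ||
            !Documents.TryGetValue(id, out doc))
        { context.Response.StatusCode = 404; return; }

        // The check runs on every request, so a link copied to another login fails.
        if (context.User == null || !context.User.Identity.IsAuthenticated ||
            !context.User.IsInRole(doc.AllowedRole))
        { context.Response.StatusCode = 403; return; }

        // Assumption: files are stored under App_Data, which ASP.NET refuses to serve directly.
        string path = Path.Combine(context.Server.MapPath("~/App_Data/Documents"),
                                   Path.GetFileName(doc.StoredFileName));
        context.Response.ContentType = "text/plain";
        context.Response.TransmitFile(path);
    }
}
```

The uploaded files also have to move out of a directly served folder such as /cms/UI/Documents, otherwise the old URL keeps working regardless of the handler.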
Before going any further I would like to consult you (experts).
Once the customer accesses the page, the system will check whether or not the customer has given a score to his last order; if not, I want to open a page (maybe a pop-up) where he will score it. Since I have not worked with pop-ups before, do you suggest it?
I am working on an ASP.NET application with the 3.5 framework.
I need to implement control-level role management, i.e. the ability to hide or disable a control based on the user's role or group credentials. Since I need to do this across all controls in the page, I want a simple framework on which I can implement this across the application without much effort and uniformly across the app. I am using Windows authentication and the SQL Server provided role management for authentication and role management.
Pointers and references in this direction will be deeply appreciated.
Say, for example:
Let us have 2 roles, clerk and approver.
Say the clerk has rights to create order and edit order.
The approver has rights to only approve order.
When a user with clerk credentials logs in, only the create and edit buttons are to be available.
If he is an approver, only the approve button is to be available.
The LoginView control will do the trick for implementing this, but my requirement is that if someone with the roles of clerk and approver (multiple roles for the same user) logs in, he must have all the buttons available: create, edit and approve.
Well, during user creation you can define the user by assigning it to a specific group, an authentication type like Windows or application, and roles. You may want to store them in the database, and you should have normalized tables. Furthermore, you may perhaps have a group maintenance page or role maintenance page where these could be maintained. So when the specific user is logged in to the system, you go through the groups and roles and check what kinds of layout this user should be able to view.