Exam : 070-529
Title : Microsoft .NET Framework 2.0 – Distributed Application Development
Ver : 02.14.07
You have a Web service that is deployed on an unsecured network. You need to implement encryption on the Web service. The implementation must be configurable at run time. What should you do?
A. Apply Web Services Enhancements (WSE) 3.0 security to the Web service that is configured to use an X.509 certificate with the Sign-Only protection level.
B. Write custom code in each Web method of the Web service that encrypts the data by using the DESCryptoServiceProvider class.
C. Write a custom SOAP extension attribute class to encrypt and decrypt the SOAP message. Apply the attribute to the Web service class.
D. Apply Web Services Enhancements (WSE) 3.0 security to the Web service that is configured to use an X.509 certificate with the Sign and Encrypt protection level.
Only by using an X.509 certificate with Sign and Encrypt protection (D) can the parties of the message ensure that the message has not only not been tampered with, but that it can only be read by parties with the appropriate certificate.
Encryption on Web Services that is configurable at runtime is done through Web Services Enhancements (WSE) 3.0 security in 2.0, thus writing custom code (B) or using a custom SOAP extension (C) is not the most efficient or correct answer.
Using an X.509 certificate with Sign-Only protection (A), makes a hash of the content, and ensures at the other end that the message has not been tampered with – but does not ensure that no-one has read it along the way.