validating XML signatures

[goaway1234]

I am designing an application that uses a Web Service. It is imperative that this web service only allow one other computer to use it (the computer that hosts our website). I have decided that the Web Service will take just one argument, a SignedXml document, and that the SignedXml will contain all the other arguments that my application needs.

Both the web service and its consumer have certificates that identify them. What is the best way to go about making sure that the message 1) has a valid signature, and 2) was signed using a particular certificate? Thanks in advance.

 

[chiph]

You can set IIS to accept requests only from computers supplying a certain certificate. Look at the security tab on the properties dialog for your web service in the IIS snapin.

Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first