tags:

views:

44

answers:

1
+1  Q: 

ASP.NET MVC2 Post to SSL and WCF Service

I have an ASP.NET MVC2 application hosted in a non-secure environment (http), also I have my account services (WCF) on an SSL server. I need to post a form that is on the non-secure http application to a secure SSL and access then the service. By no means I'm allowed to host the application in the SSL server (because it will loose the load balancing).

What could be the best approach to solve this problem? 1. Do the normal post in the mvc application and call the SSL hosted WCF Service. 2. Create an mvc application in the SSL server, then make the non-secure application call an action on the secure one, then the secure mvc call the service. 3. Any other approach?

I'm kinda new and will help me lots. Thanks in advanced.

A: 

1.Do the normal post in the mvc application and call the SSL hosted WCF Service.

NO. I think you actually need to use SSL because the data you're sending is quite sensitive. so make a normal POST is not an option.

2.Create an mvc application in the SSL server, then make the non-secure application call an action on the secure one

Could be. Very straightforward, but will add a new the load of a new app to maintain. however it's an acceptable cost.

Another solutions

  • well, if this is an exceptional case, and there are no other cases when you have these security requirements, there are libraries as jCryption that let you encrypt data without SSL. simpler and effective, in an exceptional case. you can use some kind of ModelBinder to hude this process. citing them:

    • "Normally if you submit a form and you don’t use SSL, your data will be sent in plain text. But SSL is neither supported by every webhost nor it’s easy to install/apply sometimes. So I created this plug-in in order that you are able to encrypt your data fast and simple. jCryption uses the public-key algorithm of RSA for the encryption." (via JCryption main page)

  • if are going to need SSL often, I would look for some kind of SSL gateway to accept SSL requests in the SSL server and redirect them internally -attention, just internally. I mean inside your local network. do not let that data to travel plain among the internet! point- to the plain HTTP server and sent the response back to the client via SSL again. Anyway, I think it's less scalable and manageable than make it in the normal fashion looking for a way to adapt your load balancing to your new SSL requirements.

SDReyes  2010-09-23 16:39:48

related questions

What is the best architecture to bridge to XMPP?
How to expose a collection property?
How do you build a ratings implementation?
Alternative "architectural" approaches to javaScript client code?
Split data access class into reader and writer or combine them?
Guide to choosing between REST vs SOAP services?
Best architecture for handling file system changes?
Globalization architecture
How Did You Decide Between WISA and LAMP?
Best Blogs for Software Architecture
Experience documentation about Shared Nothing Architecture
Agile architectures
VS.NET Application Diagrams
Documenting program architecture
Books for software architect
How do you do system integration?
Design debate: what are good ways to store and manipulate versioned objects?
Passing more parameters in C function pointers
Send messages to program through command line
Interfaces on different logic layers
How to structure a java application, in other words: where do I put my classes?
Are there any negative reasons to use an N-Tier solution?
Linux - files and scripts that execute on boot
Good STL-like library for C.
Best way to allow plugins for a PHP application