Security questions

[Nikolay Anestev]

Hi all. I have the following concerns which I'm trying to solve:
Running mobile ASP.NET( C# ) application on IIS 6.0 / Windows 2003 Server,
which must be provided with certain security. I'm reading issues about WTLS
protocol which is designed to implement this security, but few questions
aroused.
First, the authentification which WTLS automatically provides is optional. I
want all the users of this application and the server always to be
authentificated. Is this a matter of some server-side settings?
Is there a way to make my users always use security oriented connection (
commonly reffered by the 9203 port ) despite of the initial settings of the
mobile browser they have.

These are some of the questions. If someone could answer them I'd be very
thankful.
Thank you in advance.
Best regards.

Nikolay Anestev

 

[Jean-Luc David [MS-MVP]]

Hi Nicolay,

The long and the short answer is that you need a WAP gateway between
your web server and the mobile device. The gateway will convert WTLS
traffic into SSL. The layout looks like this:

[WAP Device]<-- WTLS --> [WAP Gateway]<-- SSL -->[IIS]

Here is a more detailed explanation on thewirelessfaq.com:
http://www.thewirelessfaq.com/9.4.asp

WTLS is only supported on compliant browsers such as the jBrowser and
WinWAP Pro. Please refer to the following list of WAP Gateways (some
of them are WTLS compliant): http://www.thewirelessfaq.com/13.4.asp

Thanks,
Jean-Luc David
Microsoft .NET MVP
(e-mail address removed)
http://www.stormpixel.com
http://weblogs.asp.net/jld/

--- Original Message ---