Previous Page | Next Page

Administering SAS BI Web Services

Securing SAS BI Web Services for .NET

If you choose to enable the anonymous user during SAS Deployment Wizard configuration, SAS BI Web Services for .NET is configured with a default user to use for clients who do not provide credentials when calling generated Web services. This is not highly secure because it allows anyone to call your generated Web services. You can change the default credentials to be a different user, to use SSPI, or you can remove the default credentials to disable anonymous access. These credentials are stored in the file pointed to by the SystemMetadataFile setting in your Web.config file. You can use this anonymous user technique only when SAS BI Web Services for .NET is configured in Host (SAS) authentication mode. When in Trusted (Web) authentication mode, the trusted user's credentials should be stored in the SystemMetadataFile.

Web Services Enhancements for Microsoft .NET (WSE) is a Microsoft add-on to .NET that implements advanced Web services specifications, such as WS-Security. SAS BI Web Services for .NET is secured with WSE by default in 9.2 using UsernameToken authentication in clear text. Additional security measures can be configured by performing the following tasks:

You need to modify the GeneratedServicesPolicy WSE policy in the wse3policycache.config file to enable these advanced options. For information, see http://msdn.microsoft.com/en-us/library/aa480582.aspx.

Note:   Use caution when using the Microsoft WSE Configuration Tool (WseConfigEditor.exe) to edit a SAS BI Web Services for .NET configuration. The WSE Configuration Tool does not support custom policy assertions and using the tool completely removes them. Instead, edit the wse3policyCache.config file manually and add the desired security elements to the existent SAS configuration.  [cautionend]

Previous Page | Next Page | Top of Page

Copyright © 2010 by SAS Institute Inc., Cary, NC, USA. All rights reserved.