For the next month (until 11/1/2007) we are Beta testing a new version of IWeb. This version will allow you to create a user:

and view the users details, including their password.

IWeb provides security for each method: 

You can get the Beta here:

IWeb_03.00.00_Install(Beta).zip

We are looking for any problems running it ...

In the past few months I have realized that:

·         The main goal of IWeb was to have a unified entry point for web services

I originally started this project because I saw that web services were needed to interface DotNetNuke with ASP.NET AJAX. I think Creating Secure DotNetNuke ASP.NET AJAX Web Services is essential for creating secure DotNetNuke AJAX web services.

Now I am concentrating on Silverlight (see: A 3D DotNetNuke Dream). While Silverlight 1.1 allows for code behind interaction with DotNetNuke, for fast communication with DotNetNuke (for example to pull a piece of data from the DotNetNuke database) web services are again the best option.

IWeb 02.30.00 has been posted. It contains a C# version of the IWeb connector client. We plan to release a C# version of the IWeb Core with the next major release hopefully in July. We will continue to maintain a VB and a C# version of IWeb

C# Conversion of IWeb Client provided by:
  

Currently IWeb allows you to encrypt the password, but it can be intercepted by a packet sniffer and “replayed”. To prevent this we have discussed it among the team and come up with two possible solutions. We would like to implement both of them and give developers a choice.

1) The client makes a call to IWeb and IWeb returns the current server time in minutes.
2) The client uses the pre-determined Security Key to encrypt the time and passes that value back to the IWeb when making a request
3) IWeb will attempt to unencrypted the value using the current time (and try one minute before and one minute after to account for slight differences).
4) The client can continue to make requests as it will change the value passed as each minute passes

Another method:

1) Client encrypts the user name/password pair using a shared encryption key
2) Client sends (possi ...

We just discovered a bug with IWeb 02.10.00. The secure AJAX method described here: http://iweb.adefwebserver.com/SecureWebServices/tabid/64/Default.aspx created a random encrypted password that sometimes created a value that threw a JavaScript syntax error every 10-20 times it was called.

What I learned from the DAL Project proposal was that it is not necessarily important for the DotNetNuke Core to adopt the code from a proposal as it is to adopt the “spirit” of the proposal. In the case of the DAL proposal, none of the proposed code was used, however the final implementation (the