Solved

Securing ASMX pages

Posted on 2004-10-14
4
861 Views
Last Modified: 2008-03-04
I have a ASMX web service page which has several functions. There is a Win app which calls functions from this web service page. This all works fine, except that the ASMX page can be accessed by anybody from the browser. With some of the functions, the user can even enter data into the fields (for functions that require parameters) and click a button to get the result.

How do I prevent users from accessing the ASMX page from the browser (or at least prevent them from using the functions) without affecting how the Win app is used? Thanks.
0
Comment
Question by:hobster
4 Comments
 
LVL 3

Accepted Solution

by:
Realmrat earned 25 total points
ID: 12317082
Buy "Building Secure Microsoft ASP.NET Applications" and read the 30 page Chapter 10: Web Services Security.  =]

This really is a big subject.

 - Joe
0
 
LVL 3

Assisted Solution

by:eekj
eekj earned 25 total points
ID: 12326103
Add a function that takes the an encrypted username and password then have your web service check these in a database. If the credentials are correct store the session id for that client in another database table. Each time one of the web service functions is called first check the sessionid from that client to see if they have been validated and only then allow them to execute the main part of the code for that function.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Extention Methods in C# 3.0 by Ivo Stoykov C# 3.0 offers extension methods. They allow extending existing classes without changing the class's source code or relying on inheritance. These are static methods invoked as instance method. This…
This article describes a simple method to resize a control at runtime.  It includes ready-to-use source code and a complete sample demonstration application.  We'll also talk about C# Extension Methods. Introduction In one of my applications…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now