[Last Call] Learn how to a build a cloud-first strategyRegister Now


Scheduled task for Web services - SQL Server

Posted on 2006-03-29
Medium Priority
Last Modified: 2010-04-15

I need to set up a scheduled task for retrieving information from a web service to enter the information in a SQL server database. What is the best way of setting this up when looking at security aspects. I have to do exports as wel as imports to the SQL server. I preferably want to set it up in c#.

thanks, GL
Question by:GoldyLock
  • 3
  • 2
LVL 13

Expert Comment

ID: 16331908
This is a very broad and general question so I'm not sure you going to get any answers your looking for.

Author Comment

ID: 16332332
I have slowly realised that, since this is my first answer ;-)

Since I preferably wanted to do it with C#, I placed it here, but indead it's not a specifiek code question. Should I rather place it under security? All I wanted to know was actually if a C# executable would be a suitable solution or if it would come with security aspects?

Thanks, GL
LVL 12

Expert Comment

ID: 16334410

This is a long shot, as you say it is a broad question.

The solution depends on exactly what you are trying to do. You say "retrieving from a web service": I take it you mean pulling data from an external web service on a regular basis into your SQL server? If so then you should be looking at setting up a windows service to interact with the web service, and enter the data into the SQL server via storeed procedures. In terms of security this is fine; the windows service can be run on a minimum permissions account, which will only have permissions on your SQL server to run the insert queries that it needs to.

The bit I don't understand is where you talk about exports: do you mean that this web service is going to then receive data from the web service? If so that implies that people are using the web service to both push data into the sql database and pull it out again? If that is the case it would be more appropriate to link the web service to the database using a data access layer rather than periodically sync the database and web service?

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.


Author Comment

ID: 16340366
Hi Andy,

This is what needs to happen:

exports (one time per 24 hours):
  data from internal DB gets exported to a external web service that will update the information in a 3rd party application.
  (third party is owner of web services)  

imports (one time per 24 hours) :
  data from the external web services gets retrieved and placed in the internal DB.

Basically a synchronization between two systems.

Help me out a bit more and the points are sure yours.

thanks, GL
LVL 12

Accepted Solution

AGBrown earned 2000 total points
ID: 16342062
Its an interesting model! I assume that the 3rd party is not going to reprogram their side of things, which is why you are doing it like this.

So for this I would use a simple windows service. It can be on the same, or a different machine to the sql server, just as long as it has connectivity to the sql server. This service will have a simple timer component - you can set this to be periodic, or to fire at a particular time. It will have two components: one will do the pull from the 3rd party web service; the other will do the push to the 3rd party service.

If you program the classes to do the read and write properly they will also then be transferable to different service layers later should requirements change significantly.

In terms of security, you have less of a surface area (you are not exposing your own services which can be attacked), and, as I say, you can run the windows service on a secure part of your network with minimal permissons on both windows and sql server. Your service's windows account can be associated with a database role in your database that only allows them to run two stored procedures - one to do the reads and one to do the inserts.

The service account itself will probabaly be in the Users group, with Log on as a service policy permissions, though I think you could lock it down a lot further than this with some trial and error.


Author Comment

ID: 16342553
Thanks Andy,

and you're right, the 3rd party's application and web services will stay as implemented. Your answer is what I looked for.

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Although it is an old technology, serial ports are still being used by many hardware manufacturers. If you develop applications in C#, Microsoft .NET framework has SerialPort class to communicate with the serial ports.  I needed to…
Exception Handling is in the core of any application that is able to dignify its name. In this article, I'll guide you through the process of writing a DRY (Don't Repeat Yourself) Exception Handling mechanism, using Aspect Oriented Programming.
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Integration Management Part 2
Suggested Courses
Course of the Month18 days, 2 hours left to enroll

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question