Web Service Security

Hello, Once i build a web service, i built a windows app that will connect and interface with it.... Now that i have the web service, how can i make the web service application secure?
kwickwayAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
whatsit2002Connect With a Mentor Commented:
kwickway,

There are two main things you probably need to be concerned with when it comes to web service security. Those are: authentication, and secure transfer of data across "the wire."

The easiest way I have found to implement security on a web service is to use the security features built in to IIS. If you disable anonymous access to the virtual directory that your web service is housed in, and enable basic or integrated security, that will take care of the authentication step. After that, you can achieve secure data transfer by using SSL (also a feature of IIS).

Then, your web service client would create a reference to the web service class like so:

_Ws = new MyServiceWs();
System.Net.CredentialCache cache = new CredentialCache();
System.Net.NetworkCredential cred = new NetworkCredential(username, password, nt_domain);
cache.Add("https://myurl/virtualdirectory/MyServiceWs.asmx", "NTLM", cred);
_Ws.Credentials = cred;

Please note that there is also a third security concern: Authorization. Your application should check to make sure the user is authorized to use the resources they are accessing. However, I don't believe that is what your questions was about. If you would like more information about authorization, please let me know.

Jason
0
 
Mohammed NasmanSoftware DeveloperCommented:
0
 
Bob LearnedCommented:
Use the https: protocol with SSL.

Bob
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.