Solved

Web Service Security

Posted on 2006-07-08
4
200 Views
Last Modified: 2010-04-16
Hello, Once i build a web service, i built a windows app that will connect and interface with it.... Now that i have the web service, how can i make the web service application secure?
0
Comment
Question by:kwickway
4 Comments
 
LVL 6

Expert Comment

by:MuhammadAdil
ID: 17067168
0
 
LVL 22

Expert Comment

by:Mohammed Nasman
ID: 17068561
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 17068976
Use the https: protocol with SSL.

Bob
0
 
LVL 7

Accepted Solution

by:
whatsit2002 earned 250 total points
ID: 17084944
kwickway,

There are two main things you probably need to be concerned with when it comes to web service security. Those are: authentication, and secure transfer of data across "the wire."

The easiest way I have found to implement security on a web service is to use the security features built in to IIS. If you disable anonymous access to the virtual directory that your web service is housed in, and enable basic or integrated security, that will take care of the authentication step. After that, you can achieve secure data transfer by using SSL (also a feature of IIS).

Then, your web service client would create a reference to the web service class like so:

_Ws = new MyServiceWs();
System.Net.CredentialCache cache = new CredentialCache();
System.Net.NetworkCredential cred = new NetworkCredential(username, password, nt_domain);
cache.Add("https://myurl/virtualdirectory/MyServiceWs.asmx", "NTLM", cred);
_Ws.Credentials = cred;

Please note that there is also a third security concern: Authorization. Your application should check to make sure the user is authorized to use the resources they are accessing. However, I don't believe that is what your questions was about. If you would like more information about authorization, please let me know.

Jason
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
C# GridRow get Old/New Value 1 55
XML & .net 5 41
Memory Usage 2 50
open System.IO.Compression.ZipArchiveEntry as ZipFile without storing to file 2 13
Introduction This article series is supposed to shed some light on the use of IDisposable and objects that inherit from it. In essence, a more apt title for this article would be: using (IDisposable) {}. I’m just not sure how many people would ge…
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now