Solved

Web Service Security

Posted on 2006-07-08
4
206 Views
Last Modified: 2010-04-16
Hello, Once i build a web service, i built a windows app that will connect and interface with it.... Now that i have the web service, how can i make the web service application secure?
0
Comment
Question by:kwickway
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 22

Expert Comment

by:Mohammed Nasman
ID: 17068561
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 17068976
Use the https: protocol with SSL.

Bob
0
 
LVL 7

Accepted Solution

by:
whatsit2002 earned 250 total points
ID: 17084944
kwickway,

There are two main things you probably need to be concerned with when it comes to web service security. Those are: authentication, and secure transfer of data across "the wire."

The easiest way I have found to implement security on a web service is to use the security features built in to IIS. If you disable anonymous access to the virtual directory that your web service is housed in, and enable basic or integrated security, that will take care of the authentication step. After that, you can achieve secure data transfer by using SSL (also a feature of IIS).

Then, your web service client would create a reference to the web service class like so:

_Ws = new MyServiceWs();
System.Net.CredentialCache cache = new CredentialCache();
System.Net.NetworkCredential cred = new NetworkCredential(username, password, nt_domain);
cache.Add("https://myurl/virtualdirectory/MyServiceWs.asmx", "NTLM", cred);
_Ws.Credentials = cred;

Please note that there is also a third security concern: Authorization. Your application should check to make sure the user is authorized to use the resources they are accessing. However, I don't believe that is what your questions was about. If you would like more information about authorization, please let me know.

Jason
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is for Object-Oriented Programming (OOP) beginners. An Interface contains declarations of events, indexers, methods and/or properties. Any class which implements the Interface should provide the concrete implementation for each Inter…
Entity Framework is a powerful tool to help you interact with the DataBase but still doesn't help much when we have a Stored Procedure that returns more than one resultset. The solution takes some of out-of-the-box thinking; read on!
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question