Solved

Web Service Security

Posted on 2009-07-08
4
274 Views
Last Modified: 2013-11-16
I am interested in knowing how security of web services is handled.  Is there a way to encrypt everything that goes in and out of a web service with out coming up with my own solution?  I suspect there are built in Mechanisms for handling this that are optimized for performance.  Does anyone have any resources they can point me too?

Thanks for your help.
C
0
Comment
Question by:CW596
  • 2
  • 2
4 Comments
 
LVL 8

Expert Comment

by:OBonio
ID: 24803694
Encryption wise, doing them over SSL is the best option.  You may need to roll your own authentication though if you want that aswell.  Depends on what platform the server sits.

Personally, I'm using basic authentication over SSL.
0
 

Author Comment

by:CW596
ID: 24806409
Thanks for the feedback Obonio.  Sorry it took me all morning to get back.  I have been away from my desk.  

I am familiar with programming ASP.net pages and using the session object to implement SSL.  In this case my company has a windows forms client that we distribute to our customers.  The client consumes several web services that we provide.  We have a need for an administrative application that will be used to remotely use our web services in the field.  This administrative app may require passing of sensitive info.    We do have basic authentication but we are concerned about someone monitoring the network and finding ways to hack in etc.  Fortunately we are low profile for the moment but this will change in time.

Is implementing SSL with web services like using a session object or is there more to it.  Do you have a link to some tutorials I can see. Do you have some sample code that would be helpful?   What references do I need for the classes I will be using SSL in.

Sorry about my ignorance on this stuff.

Thank you for your help.
C
0
 
LVL 8

Accepted Solution

by:
OBonio earned 250 total points
ID: 24807577
SSL is implemented at the IIS level if you're using windows.  It will take care of all the encryption.  It's transparent from the ASP.Net side.

http://support.microsoft.com/kb/299875

You can buy certificates from well known outlets (VeriSign etc), or you can generate your own (though this is a bit more tricky).

http://www.xenocafe.com/tutorials/self_signed_cert_IIS/self_signed_cert_IIS-part1.php


0
 

Author Closing Comment

by:CW596
ID: 31601104
Had a good talk with my boss on this stuff.  We may use SSL or TLS but I am investigating some other directions first.  Thanks for your help OBonio.  You got the ball rolling.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Wufoo.com provides powerful tools for surveying targeted groups, and utilizing data from completed surveys to find trends, discover areas of demand or customer expectation, and make business decisions on products or services.
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to selectively show certain fields based on user input using rules to gather relevant information and data from your forms. The rules feature provides you with an opportunity…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now