Solved

Web Service Security

Posted on 2009-07-08
4
281 Views
Last Modified: 2013-11-16
I am interested in knowing how security of web services is handled.  Is there a way to encrypt everything that goes in and out of a web service with out coming up with my own solution?  I suspect there are built in Mechanisms for handling this that are optimized for performance.  Does anyone have any resources they can point me too?

Thanks for your help.
C
0
Comment
Question by:CW596
  • 2
  • 2
4 Comments
 
LVL 8

Expert Comment

by:OBonio
ID: 24803694
Encryption wise, doing them over SSL is the best option.  You may need to roll your own authentication though if you want that aswell.  Depends on what platform the server sits.

Personally, I'm using basic authentication over SSL.
0
 

Author Comment

by:CW596
ID: 24806409
Thanks for the feedback Obonio.  Sorry it took me all morning to get back.  I have been away from my desk.  

I am familiar with programming ASP.net pages and using the session object to implement SSL.  In this case my company has a windows forms client that we distribute to our customers.  The client consumes several web services that we provide.  We have a need for an administrative application that will be used to remotely use our web services in the field.  This administrative app may require passing of sensitive info.    We do have basic authentication but we are concerned about someone monitoring the network and finding ways to hack in etc.  Fortunately we are low profile for the moment but this will change in time.

Is implementing SSL with web services like using a session object or is there more to it.  Do you have a link to some tutorials I can see. Do you have some sample code that would be helpful?   What references do I need for the classes I will be using SSL in.

Sorry about my ignorance on this stuff.

Thank you for your help.
C
0
 
LVL 8

Accepted Solution

by:
OBonio earned 250 total points
ID: 24807577
SSL is implemented at the IIS level if you're using windows.  It will take care of all the encryption.  It's transparent from the ASP.Net side.

http://support.microsoft.com/kb/299875

You can buy certificates from well known outlets (VeriSign etc), or you can generate your own (though this is a bit more tricky).

http://www.xenocafe.com/tutorials/self_signed_cert_IIS/self_signed_cert_IIS-part1.php


0
 

Author Closing Comment

by:CW596
ID: 31601104
Had a good talk with my boss on this stuff.  We may use SSL or TLS but I am investigating some other directions first.  Thanks for your help OBonio.  You got the ball rolling.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
I suddenly cannot write to C drive 20 87
Places to advertise 6 46
Oracle encryption 12 48
Connecting to multiple databases to create a Dashboard 5 48
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
This video teaches viewers how to create their own website using cPanel and Wordpress. Tutorial walks users through how to set up their own domain name from tools like Domain Registrar, Hosting Account, and Wordpress. More specifically, the order in…
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question