Solved

Web Service Security

Posted on 2009-07-08
4
280 Views
Last Modified: 2013-11-16
I am interested in knowing how security of web services is handled.  Is there a way to encrypt everything that goes in and out of a web service with out coming up with my own solution?  I suspect there are built in Mechanisms for handling this that are optimized for performance.  Does anyone have any resources they can point me too?

Thanks for your help.
C
0
Comment
Question by:CW596
  • 2
  • 2
4 Comments
 
LVL 8

Expert Comment

by:OBonio
ID: 24803694
Encryption wise, doing them over SSL is the best option.  You may need to roll your own authentication though if you want that aswell.  Depends on what platform the server sits.

Personally, I'm using basic authentication over SSL.
0
 

Author Comment

by:CW596
ID: 24806409
Thanks for the feedback Obonio.  Sorry it took me all morning to get back.  I have been away from my desk.  

I am familiar with programming ASP.net pages and using the session object to implement SSL.  In this case my company has a windows forms client that we distribute to our customers.  The client consumes several web services that we provide.  We have a need for an administrative application that will be used to remotely use our web services in the field.  This administrative app may require passing of sensitive info.    We do have basic authentication but we are concerned about someone monitoring the network and finding ways to hack in etc.  Fortunately we are low profile for the moment but this will change in time.

Is implementing SSL with web services like using a session object or is there more to it.  Do you have a link to some tutorials I can see. Do you have some sample code that would be helpful?   What references do I need for the classes I will be using SSL in.

Sorry about my ignorance on this stuff.

Thank you for your help.
C
0
 
LVL 8

Accepted Solution

by:
OBonio earned 250 total points
ID: 24807577
SSL is implemented at the IIS level if you're using windows.  It will take care of all the encryption.  It's transparent from the ASP.Net side.

http://support.microsoft.com/kb/299875

You can buy certificates from well known outlets (VeriSign etc), or you can generate your own (though this is a bit more tricky).

http://www.xenocafe.com/tutorials/self_signed_cert_IIS/self_signed_cert_IIS-part1.php


0
 

Author Closing Comment

by:CW596
ID: 31601104
Had a good talk with my boss on this stuff.  We may use SSL or TLS but I am investigating some other directions first.  Thanks for your help OBonio.  You got the ball rolling.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Antivirus - Webroot vs Symantec? 6 138
Problem to go to Web page 2 119
Computer has been hijacked? 13 90
Grunt script for Build Process 1 29
When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question