Solved

Web Service Security

Posted on 2009-07-08
4
284 Views
Last Modified: 2013-11-16
I am interested in knowing how security of web services is handled.  Is there a way to encrypt everything that goes in and out of a web service with out coming up with my own solution?  I suspect there are built in Mechanisms for handling this that are optimized for performance.  Does anyone have any resources they can point me too?

Thanks for your help.
C
0
Comment
Question by:CW596
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 8

Expert Comment

by:OBonio
ID: 24803694
Encryption wise, doing them over SSL is the best option.  You may need to roll your own authentication though if you want that aswell.  Depends on what platform the server sits.

Personally, I'm using basic authentication over SSL.
0
 

Author Comment

by:CW596
ID: 24806409
Thanks for the feedback Obonio.  Sorry it took me all morning to get back.  I have been away from my desk.  

I am familiar with programming ASP.net pages and using the session object to implement SSL.  In this case my company has a windows forms client that we distribute to our customers.  The client consumes several web services that we provide.  We have a need for an administrative application that will be used to remotely use our web services in the field.  This administrative app may require passing of sensitive info.    We do have basic authentication but we are concerned about someone monitoring the network and finding ways to hack in etc.  Fortunately we are low profile for the moment but this will change in time.

Is implementing SSL with web services like using a session object or is there more to it.  Do you have a link to some tutorials I can see. Do you have some sample code that would be helpful?   What references do I need for the classes I will be using SSL in.

Sorry about my ignorance on this stuff.

Thank you for your help.
C
0
 
LVL 8

Accepted Solution

by:
OBonio earned 250 total points
ID: 24807577
SSL is implemented at the IIS level if you're using windows.  It will take care of all the encryption.  It's transparent from the ASP.Net side.

http://support.microsoft.com/kb/299875

You can buy certificates from well known outlets (VeriSign etc), or you can generate your own (though this is a bit more tricky).

http://www.xenocafe.com/tutorials/self_signed_cert_IIS/self_signed_cert_IIS-part1.php


0
 

Author Closing Comment

by:CW596
ID: 31601104
Had a good talk with my boss on this stuff.  We may use SSL or TLS but I am investigating some other directions first.  Thanks for your help OBonio.  You got the ball rolling.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
This video teaches users how to migrate an existing Wordpress website to a new domain.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question