Web Service Security
I am interested in knowing how security of web services is handled. Is there a way to encrypt everything that goes in and out of a web service with out coming up with my own solution? I suspect there are built in Mechanisms for handling this that are optimized for performance. Does anyone have any resources they can point me too?
Thanks for your help.
C
Thanks for your help.
C
ASKER
Thanks for the feedback Obonio. Sorry it took me all morning to get back. I have been away from my desk.
I am familiar with programming ASP.net pages and using the session object to implement SSL. In this case my company has a windows forms client that we distribute to our customers. The client consumes several web services that we provide. We have a need for an administrative application that will be used to remotely use our web services in the field. This administrative app may require passing of sensitive info. We do have basic authentication but we are concerned about someone monitoring the network and finding ways to hack in etc. Fortunately we are low profile for the moment but this will change in time.
Is implementing SSL with web services like using a session object or is there more to it. Do you have a link to some tutorials I can see. Do you have some sample code that would be helpful? What references do I need for the classes I will be using SSL in.
Sorry about my ignorance on this stuff.
Thank you for your help.
C
I am familiar with programming ASP.net pages and using the session object to implement SSL. In this case my company has a windows forms client that we distribute to our customers. The client consumes several web services that we provide. We have a need for an administrative application that will be used to remotely use our web services in the field. This administrative app may require passing of sensitive info. We do have basic authentication but we are concerned about someone monitoring the network and finding ways to hack in etc. Fortunately we are low profile for the moment but this will change in time.
Is implementing SSL with web services like using a session object or is there more to it. Do you have a link to some tutorials I can see. Do you have some sample code that would be helpful? What references do I need for the classes I will be using SSL in.
Sorry about my ignorance on this stuff.
Thank you for your help.
C
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Had a good talk with my boss on this stuff. We may use SSL or TLS but I am investigating some other directions first. Thanks for your help OBonio. You got the ball rolling.
Personally, I'm using basic authentication over SSL.