Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Web Service Security

Posted on 2009-07-08
4
Medium Priority
?
285 Views
Last Modified: 2013-11-16
I am interested in knowing how security of web services is handled.  Is there a way to encrypt everything that goes in and out of a web service with out coming up with my own solution?  I suspect there are built in Mechanisms for handling this that are optimized for performance.  Does anyone have any resources they can point me too?

Thanks for your help.
C
0
Comment
Question by:CW596
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 8

Expert Comment

by:OBonio
ID: 24803694
Encryption wise, doing them over SSL is the best option.  You may need to roll your own authentication though if you want that aswell.  Depends on what platform the server sits.

Personally, I'm using basic authentication over SSL.
0
 

Author Comment

by:CW596
ID: 24806409
Thanks for the feedback Obonio.  Sorry it took me all morning to get back.  I have been away from my desk.  

I am familiar with programming ASP.net pages and using the session object to implement SSL.  In this case my company has a windows forms client that we distribute to our customers.  The client consumes several web services that we provide.  We have a need for an administrative application that will be used to remotely use our web services in the field.  This administrative app may require passing of sensitive info.    We do have basic authentication but we are concerned about someone monitoring the network and finding ways to hack in etc.  Fortunately we are low profile for the moment but this will change in time.

Is implementing SSL with web services like using a session object or is there more to it.  Do you have a link to some tutorials I can see. Do you have some sample code that would be helpful?   What references do I need for the classes I will be using SSL in.

Sorry about my ignorance on this stuff.

Thank you for your help.
C
0
 
LVL 8

Accepted Solution

by:
OBonio earned 750 total points
ID: 24807577
SSL is implemented at the IIS level if you're using windows.  It will take care of all the encryption.  It's transparent from the ASP.Net side.

http://support.microsoft.com/kb/299875

You can buy certificates from well known outlets (VeriSign etc), or you can generate your own (though this is a bit more tricky).

http://www.xenocafe.com/tutorials/self_signed_cert_IIS/self_signed_cert_IIS-part1.php


0
 

Author Closing Comment

by:CW596
ID: 31601104
Had a good talk with my boss on this stuff.  We may use SSL or TLS but I am investigating some other directions first.  Thanks for your help OBonio.  You got the ball rolling.
0

Featured Post

Simplify Your Workload with One Tool

How do you combat today’s intelligent hacker while managing multiple domains and platforms? By simplifying your workload with one tool. With Lunarpages hosting through Plesk Onyx, you can:

Automate SSL generation and installation with two clicks
Experience total server control

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question