?
Solved

How do you secure a C# Web Service

Posted on 2010-01-09
2
Medium Priority
?
282 Views
Last Modified: 2013-11-26
Hi everyone,

I am wanting ideas on how to secure a webservice. Basically we have a software activations webservice that applications we create talk to to verify the user's licence key and activate the software. However if anyone were to discover the web address to the service (which isnt really that hard seeing .net stores it in a plain text config file) they would be able to interact with our activations server.

I guess in a situation where you know that the service will only be visible from a few locations you could lock IIS down to a few IP Addresses but in this situation we are expecting connections from anywhere.

Can anyone offer some advice?

thanks,

Xavier,
0
Comment
Question by:locdang
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 96

Accepted Solution

by:
Bob Learned earned 2000 total points
ID: 26278629
I would look into Web Services Enhancements (WSE).  There are a few resources, like these that should help you get a start securing a web service with WSE.

An introduction to Web Service Security using WSE - Part I
http://www.codeproject.com/KB/webservices/WS-Security.aspx

Protect Your Web Services Through The Extensible Policy Framework In WSE 3.0
http://msdn.microsoft.com/en-us/magazine/cc163650.aspx
0
 
LVL 1

Author Closing Comment

by:locdang
ID: 31675137
This looks great, thanks for your help.
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us here at EE write code. Many of us write exceptional code; just as many of us write exception-prone code. As we all should know, exceptions are a mechanism for handling errors which are typically out of our control. From database errors, t…
Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question