[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

How to secure (ASP.NET) Web Service Authorization

Posted on 2010-08-25
4
Medium Priority
?
651 Views
Last Modified: 2012-06-27
I'm building a web service with many methods, some of which are user specific and require I authorize the user. I found these articles on using soap headers to pass login information:

Since I don't want to pass the username / password in clear text, the first approach seems necessary to secure the login. But I was wondering if that's necessary. Is there any way to call a web service using SSL (or force a client to use SSL)? If that was possible, I wouldn't need to do the round trip with passing a encryption key / token to the client first.

Thanks in advance.
0
Comment
Question by:ZekeLA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 1

Author Comment

by:ZekeLA
ID: 33526270
I think the second link addressed my security issue but maybe you know the answers to my follow up questions. Accordign the msdn article, SSL can be used only if using Windows authentication. Since our users aren't Windows users, it sounds like I'll have to go with custom soap headers.

Does that sound correct to you?

Secondly, are there any usual practices about encrypting the soap header information? It looks like you need to get a token and then encrypt it. But for security, the token should expire at some point. Is there a rule of thumb as to how long the token should survive?

Thanks.
0
 
LVL 18

Expert Comment

by:Anil Golamari
ID: 33526393
http://msdn.microsoft.com/en-us/library/ff649205.aspx ( to use ssl in web apps)

http://www.svendens.com/flex/soap-headers-in-flex-and-ws-security/ (regarding security token)

Hope these links shade some light on your questions.

Hope it helps you.

0
 
LVL 1

Accepted Solution

by:
ZekeLA earned 0 total points
ID: 33536876
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
For those of you who don't follow the news, or just happen to live under rocks, Microsoft Research released a beta SDK (http://www.microsoft.com/en-us/download/details.aspx?id=27876) for the Xbox 360 Kinect. If you don't know what a Kinect is (http:…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question