Ask a Question related to ASP.NET Web Services, Design and Development.
-
John #1
Securing web service
Hi
How can I make sure that no one else can call and receive data from my web
methods?
Thanks
Regards
John Guest
-
Securing the CF administrator
I'm looking for a way to better secure the CF administrator, which comes up at http://www.domain.com/cfide/administrator/index.cfm because of the... -
Securing Database & DSN
Here is my situation: I am using Access, IIS & OBDC to connect to my databases. Is there a way to secure certain databases (namely the ones with... -
Securing a web service
Hi. Whats the best practice to secure a webserivce, basically I have already secured the webservice with XHEO however I need the webservice to... -
Securing response send back by Web Service
I am looking at samples that come along with WSE 2.0 but I cannot find any example that shows how to secure the response that is send by the... -
Securing MDBs
I've got a webserver, IIS6, and an ASP application running on that server. The ASP validates users by their logon name so for this particular... -
Dale #2 Re: Securing web service
Turn the server off.
"John" <john@nospam.infovis.co.uk> wrote in message
news:#seUmHsaEHA.556@tk2msftngp13.phx.gbl...> Hi
>
> How can I make sure that no one else can call and receive data from my web
> methods?
>
> Thanks
>
> Regards
>
>
Dale Guest
-
R.Balaji #3 Re: Securing web service
That was a nice joke. LOL.
Well, I assume that you don't want to give access to your webservice to the
unauthorized users.
1.Use sessions in your web methods in application layer
2.Use SSL in transport layer
More can be found under
[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetch10.asp[/url]
[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconUsingSOAPHeaders.asp[/url]
Regards,
R.Balaji
"Dale" <daleDeletepres@msndotcomNot.Net> wrote in message
news:uaTc4XsaEHA.4048@TK2MSFTNGP10.phx.gbl...web> Turn the server off.
>
> "John" <john@nospam.infovis.co.uk> wrote in message
> news:#seUmHsaEHA.556@tk2msftngp13.phx.gbl...> > Hi
> >
> > How can I make sure that no one else can call and receive data from my>> > methods?
> >
> > Thanks
> >
> > Regards
> >
> >
>
R.Balaji Guest
-
John Jenkins #4 Re: Securing web service
You could only send the wsdl defining your service to the people who are
entitled to use it, i.e. Don't publish the WSDL which would include endpoint
details etc.
Additionally you could look at implementing WS-Security frim MS. This would
validate any user who tried to use your service. The implementation is very
straightforward..
Search for "WS-Security Authentication and Digital Signatures with Web
Services Enhancements" in msdn.
"John" <john@nospam.infovis.co.uk> wrote in message
news:%23seUmHsaEHA.556@tk2msftngp13.phx.gbl...> Hi
>
> How can I make sure that no one else can call and receive data from my web
> methods?
>
> Thanks
>
> Regards
>
>
John Jenkins Guest
-
Michael Pearson #5 Re: Securing web service
I've always put a username / password params in each of my web methods. I
then validate the user on each method call, and THEN do the real work of the
web method.
You can authenticate that username / password against a hardcoded value, a
database value, or a web.config value.
Michael
"John" <john@nospam.infovis.co.uk> wrote in message
news:%23seUmHsaEHA.556@tk2msftngp13.phx.gbl...> Hi
>
> How can I make sure that no one else can call and receive data from my web
> methods?
>
> Thanks
>
> Regards
>
>
Michael Pearson Guest
-
Gerald Brose #6 Re: Securing web service
John wrote:
Rather than hardcoding security logic into your applications> How can I make sure that no one else can call and receive data
> from my web methods?
(as described in separate answers in this thread) you can use
a separate SOAP Firewall that allows you to
- integrate security transparently (i.e. without modifying
application code) even in multi-vendor deployments
- manage your security policies centrally, using a professional
admin console GUI
You may want to take a look at Xtradyne's WS-DBC (Domain Boundary
Controller), which delivers comprehensive security and enterprise-
grade performance. See [url]http://www.xtradyne.com[/url] for more info.
Regards, Gerald.
--
Dr. Gerald Brose mailto:brose@xtradyne.com
Xtradyne Technologies [url]http://www.xtradyne.com[/url]
Schoenhauser Allee 6-7, Phone: +49-30-440 306-27
D-10119 Berlin, Germany Fax : +49-30-440 306-78
Gerald Brose Guest
-
Tony #7 Re: Securing web service
Your username/password can be viewed by attacker, if your transport is HTTP.
Then he can do something else after obtain username/password. He can also
changed the request message with know what's the meaning of original message,
withoud detected by your web service. Best way is to go with SSL using client
certificate as security token, to encrypt and sign message. search WSE in
MSDN.
"Michael Pearson" wrote:
> I've always put a username / password params in each of my web methods. I
> then validate the user on each method call, and THEN do the real work of the
> web method.
>
> You can authenticate that username / password against a hardcoded value, a
> database value, or a web.config value.
>
> Michael
>
> "John" <john@nospam.infovis.co.uk> wrote in message
> news:%23seUmHsaEHA.556@tk2msftngp13.phx.gbl...>> > Hi
> >
> > How can I make sure that no one else can call and receive data from my web
> > methods?
> >
> > Thanks
> >
> > Regards
> >
> >
>
>Tony Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
