473,554 Members | 2,877 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Securing web service

Hi

How can I make sure that no one else can call and receive data from my web
methods?

Thanks

Regards
Nov 21 '05 #1
6 2392
Turn the server off.

"John" <jo**@nospam.in fovis.co.uk> wrote in message
news:#s******** *****@tk2msftng p13.phx.gbl...
Hi

How can I make sure that no one else can call and receive data from my web
methods?

Thanks

Regards

Nov 21 '05 #2
That was a nice joke. LOL.

Well, I assume that you don't want to give access to your webservice to the
unauthorized users.

1.Use sessions in your web methods in application layer
2.Use SSL in transport layer

More can be found under
http://msdn.microsoft.com/library/de...SecNetch10.asp
http://msdn.microsoft.com/library/de...OAPHeaders.asp

Regards,
R.Balaji
"Dale" <da************ @msndotcomNot.N et> wrote in message
news:ua******** ******@TK2MSFTN GP10.phx.gbl...
Turn the server off.

"John" <jo**@nospam.in fovis.co.uk> wrote in message
news:#s******** *****@tk2msftng p13.phx.gbl...
Hi

How can I make sure that no one else can call and receive data from my web methods?

Thanks

Regards


Nov 21 '05 #3
You could only send the wsdl defining your service to the people who are
entitled to use it, i.e. Don't publish the WSDL which would include endpoint
details etc.

Additionally you could look at implementing WS-Security frim MS. This would
validate any user who tried to use your service. The implementation is very
straightforward ..
Search for "WS-Security Authentication and Digital Signatures with Web
Services Enhancements" in msdn.
"John" <jo**@nospam.in fovis.co.uk> wrote in message
news:%2******** *******@tk2msft ngp13.phx.gbl.. .
Hi

How can I make sure that no one else can call and receive data from my web
methods?

Thanks

Regards

Nov 21 '05 #4
I've always put a username / password params in each of my web methods. I
then validate the user on each method call, and THEN do the real work of the
web method.

You can authenticate that username / password against a hardcoded value, a
database value, or a web.config value.

Michael

"John" <jo**@nospam.in fovis.co.uk> wrote in message
news:%2******** *******@tk2msft ngp13.phx.gbl.. .
Hi

How can I make sure that no one else can call and receive data from my web
methods?

Thanks

Regards

Nov 21 '05 #5
John wrote:
How can I make sure that no one else can call and receive data
from my web methods?


Rather than hardcoding security logic into your applications
(as described in separate answers in this thread) you can use
a separate SOAP Firewall that allows you to

- integrate security transparently (i.e. without modifying
application code) even in multi-vendor deployments

- manage your security policies centrally, using a professional
admin console GUI

You may want to take a look at Xtradyne's WS-DBC (Domain Boundary
Controller), which delivers comprehensive security and enterprise-
grade performance. See http://www.xtradyne.com for more info.

Regards, Gerald.
--
Dr. Gerald Brose mailto:br***@xt radyne.com
Xtradyne Technologies http://www.xtradyne.com
Schoenhauser Allee 6-7, Phone: +49-30-440 306-27
D-10119 Berlin, Germany Fax : +49-30-440 306-78
Nov 21 '05 #6
Your username/password can be viewed by attacker, if your transport is HTTP.
Then he can do something else after obtain username/password. He can also
changed the request message with know what's the meaning of original message,
withoud detected by your web service. Best way is to go with SSL using client
certificate as security token, to encrypt and sign message. search WSE in
MSDN.

"Michael Pearson" wrote:
I've always put a username / password params in each of my web methods. I
then validate the user on each method call, and THEN do the real work of the
web method.

You can authenticate that username / password against a hardcoded value, a
database value, or a web.config value.

Michael

"John" <jo**@nospam.in fovis.co.uk> wrote in message
news:%2******** *******@tk2msft ngp13.phx.gbl.. .
Hi

How can I make sure that no one else can call and receive data from my web
methods?

Thanks

Regards


Nov 21 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
1462
by: Bruno Desthuilliers | last post by:
Hi everyone ! Could someone point me to infos about securing python for use as CGI or mod_python for a shared hosting environnement ? I searched google, but did not find anything specific :( I'm not an admin myself, but I try to convince my hosting admins to install Python. For now, their answser is that they don't know how to secure...
0
1130
by: RamseytheScot | last post by:
At the moment we have a httphandler. This handler connects to services and redirect messages to this service. To use this service you have to log on using a Username and Password. This Username and password are saved in the WMI. This by it self is a not very secure thing. Any idear of saving these username and passwords in a more secure...
2
1601
by: James | last post by:
What's the best way of securing online databases and web services? At present I am using a database password, which of course is not hard-coded into the web service, but this means re-submitting it with every function call from my windows client. Any alternatives?
11
3412
by: Wm. Scott Miller | last post by:
Hello all! We are building applications here and have hashing algorithms to secure secrets (e.g passwords) by producing one way hashes. Now, I've read alot and I've followed most of the advice that made sense. One comment I've seen alot about is "securing the hashing routine" but no-one explains how to accomplish this. So how do I secure...
1
1423
by: Scott McChesney | last post by:
Folks - We are running around and around here on a project we're developing, and I'm getting to the point that I don't know what I do and don't know. So I need some assistance. We are developing a web service that connects to an external LDAP server to validate a username/password that the user enters from a login page. Right now,...
1
2678
by: The Fox | last post by:
How to prevent user to add web reference to my web services? Can I add password to web services so that only the users who know the password can add a web reference? Thanks in advance.
0
949
by: David Tandberg-Johansen | last post by:
Hi! First of all, I am kind of a newbie. I am planning an project where I gonna use an web service and a desktop-client, but I have stumbled over a problem. The IIS server that i am planning to use in my project serves the company website. The website runs on default port 80 and can be accessed by anyone, but I don't want the service to...
4
1377
by: KJ | last post by:
Hello All, I have to secure my first real B2B web service. Could you please provide some guidance as to which method of security I should use. One caveat is that we will not be using SSL on the server side as per the networking department. Windows authentication is also probably not an option, as this web service will be interacting between...
2
1468
by: The Big Fat Sloppy Pig! | last post by:
x-no-archive: yes Hi All: I'm sort of "new" to doing this so I was wondering if anyone can offer some additional insight/suggestions. I've created a web-service that will be receiving some customer-critical information. I've written both the client application and the web-service. We need to make sure the data is "non-translatable"...
4
323
by: =?Utf-8?B?aGlsZXlq?= | last post by:
Hi, I'm developing a web service that needs to communicate with a custom application on an intranet. There is also a configuration utility which may be run on a different server machine for setting up and altering parameters on the service. This configuration web application may be browsed to via intranet or internet. This is the first...
0
7578
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
7497
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
8010
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
1
7530
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
7862
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
6119
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
0
3530
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
1111
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
0
812
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.