472,374 Members | 1,267 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > .net framework > questions > securing web service

Join Bytes to post your question to a community of 472,374 software developers and data experts.

Securing web service

Hi

How can I make sure that no one else can call and receive data from my web
methods?

Thanks

Regards
Nov 21 '05 #1
6 2270
Turn the server off.

"John" <jo**@nospam.infovis.co.uk> wrote in message
news:#s*************@tk2msftngp13.phx.gbl...
Hi

How can I make sure that no one else can call and receive data from my web
methods?

Thanks

Regards

Nov 21 '05 #2
That was a nice joke. LOL.

Well, I assume that you don't want to give access to your webservice to the
unauthorized users.

1.Use sessions in your web methods in application layer
2.Use SSL in transport layer

More can be found under
http://msdn.microsoft.com/library/de...SecNetch10.asp
http://msdn.microsoft.com/library/de...OAPHeaders.asp

Regards,
R.Balaji
"Dale" <da************@msndotcomNot.Net> wrote in message
news:ua**************@TK2MSFTNGP10.phx.gbl...
Turn the server off.

"John" <jo**@nospam.infovis.co.uk> wrote in message
news:#s*************@tk2msftngp13.phx.gbl...
Hi

How can I make sure that no one else can call and receive data from my web methods?

Thanks

Regards


Nov 21 '05 #3
You could only send the wsdl defining your service to the people who are
entitled to use it, i.e. Don't publish the WSDL which would include endpoint
details etc.

Additionally you could look at implementing WS-Security frim MS. This would
validate any user who tried to use your service. The implementation is very
straightforward..
Search for "WS-Security Authentication and Digital Signatures with Web
Services Enhancements" in msdn.
"John" <jo**@nospam.infovis.co.uk> wrote in message
news:%2***************@tk2msftngp13.phx.gbl...
Hi

How can I make sure that no one else can call and receive data from my web
methods?

Thanks

Regards

Nov 21 '05 #4
I've always put a username / password params in each of my web methods. I
then validate the user on each method call, and THEN do the real work of the
web method.

You can authenticate that username / password against a hardcoded value, a
database value, or a web.config value.

Michael

"John" <jo**@nospam.infovis.co.uk> wrote in message
news:%2***************@tk2msftngp13.phx.gbl...
Hi

How can I make sure that no one else can call and receive data from my web
methods?

Thanks

Regards

Nov 21 '05 #5
John wrote:
How can I make sure that no one else can call and receive data
from my web methods?


Rather than hardcoding security logic into your applications
(as described in separate answers in this thread) you can use
a separate SOAP Firewall that allows you to

- integrate security transparently (i.e. without modifying
application code) even in multi-vendor deployments

- manage your security policies centrally, using a professional
admin console GUI

You may want to take a look at Xtradyne's WS-DBC (Domain Boundary
Controller), which delivers comprehensive security and enterprise-
grade performance. See http://www.xtradyne.com for more info.

Regards, Gerald.
--
Dr. Gerald Brose mailto:br***@xtradyne.com
Xtradyne Technologies http://www.xtradyne.com
Schoenhauser Allee 6-7, Phone: +49-30-440 306-27
D-10119 Berlin, Germany Fax : +49-30-440 306-78
Nov 21 '05 #6
Your username/password can be viewed by attacker, if your transport is HTTP.
Then he can do something else after obtain username/password. He can also
changed the request message with know what's the meaning of original message,
withoud detected by your web service. Best way is to go with SSL using client
certificate as security token, to encrypt and sign message. search WSE in
MSDN.

"Michael Pearson" wrote:
I've always put a username / password params in each of my web methods. I
then validate the user on each method call, and THEN do the real work of the
web method.

You can authenticate that username / password against a hardcoded value, a
database value, or a web.config value.

Michael

"John" <jo**@nospam.infovis.co.uk> wrote in message
news:%2***************@tk2msftngp13.phx.gbl...
Hi

How can I make sure that no one else can call and receive data from my web
methods?

Thanks

Regards


Nov 21 '05 #7
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
urls on securing python on a shared hosting ?
by: Bruno Desthuilliers | last post by:
Hi everyone ! Could someone point me to infos about securing python for use as CGI or mod_python for a shared hosting environnement ? I searched google, but did not find anything specific :( ...
Python
0
Securing a file
by: RamseytheScot | last post by:
At the moment we have a httphandler. This handler connects to services and redirect messages to this service. To use this service you have to log on using a Username and Password. This Username and...
.NET Framework
2
Securing data
by: James | last post by:
What's the best way of securing online databases and web services? At present I am using a database password, which of course is not hard-coded into the web service, but this means re-submitting it...
.NET Framework
11
Securing hashing algorithm
by: Wm. Scott Miller | last post by:
Hello all! We are building applications here and have hashing algorithms to secure secrets (e.g passwords) by producing one way hashes. Now, I've read alot and I've followed most of the advice...
C# / C Sharp
1
Securing a web service
by: Scott McChesney | last post by:
Folks - We are running around and around here on a project we're developing, and I'm getting to the point that I don't know what I do and don't know. So I need some assistance. We are...
ASP.NET
1
Securing Web Services - how to prevent user to Add Web Reference?
by: The Fox | last post by:
How to prevent user to add web reference to my web services? Can I add password to web services so that only the users who know the password can add a web reference? Thanks in advance.
.NET Framework
0
Securing an Web Service
by: David Tandberg-Johansen | last post by:
Hi! First of all, I am kind of a newbie. I am planning an project where I gonna use an web service and a desktop-client, but I have stumbled over a problem. The IIS server that i am planning...
.NET Framework
4
securing a web service: options?
by: KJ | last post by:
Hello All, I have to secure my first real B2B web service. Could you please provide some guidance as to which method of security I should use. One caveat is that we will not be using SSL on the...
.NET Framework
2
securing web method calls using .NET 1.1
by: The Big Fat Sloppy Pig! | last post by:
x-no-archive: yes Hi All: I'm sort of "new" to doing this so I was wondering if anyone can offer some additional insight/suggestions. I've created a web-service that will be receiving some...
.NET Framework
4
Securing web service
by: =?Utf-8?B?aGlsZXlq?= | last post by:
Hi, I'm developing a web service that needs to communicate with a custom application on an intranet. There is also a configuration utility which may be run on a different server machine for...
.NET Framework
0
Basic concepts of WebLogic Admin training?
by: Naresh1 | last post by:
What is WebLogic Admin Training? WebLogic Admin Training is a specialized program designed to equip individuals with the skills and knowledge required to effectively administer and manage Oracle...
Oracle Database
0
Hyperconverged All-in-One Streaming Engine, ushering in new age for distributed database
by: antdb | last post by:
Ⅰ. Advantage of AntDB: hyper-convergence + streaming processing engine In the overall architecture, a new "hyper-convergence" concept was proposed, which integrated multiple engines and...
General
0
Oralloy
FPGA Question
by: Oralloy | last post by:
Hello Folks, I am trying to hook up a CPU which I designed using SystemC to I/O pins on an FPGA. My problem (spelled failure) is with the synthesis of my design into a bitstream, not the C++...
General
0
One of the easiest ways to set the background color of Excel documents in Java
by: Carina712 | last post by:
Setting background colors for Excel documents can help to improve the visual appeal of the document and make it easier to read and understand. Background colors can be used to highlight important...
General
0
BLUEPANDA
Join our open community on Discord to learn programming, SEO, and marketing
by: BLUEPANDA | last post by:
At BluePanda Dev, we're passionate about building high-quality software and sharing our knowledge with the community. That's why we've created a SaaS starter kit that's not only easy to use but also...
General
0
Mastering Python: A Versatile Programming Language for All
by: Rahul1995seven | last post by:
Introduction: In the realm of programming languages, Python has emerged as a powerhouse. With its simplicity, versatility, and robustness, Python has gained popularity among beginners and experts...
General
2
Problems to capture mouse_down event on a control within a form with lots of controls
by: Ricardo de Mila | last post by:
Dear people, good afternoon... I have a form in msAccess with lots of controls and a specific routine must be triggered if the mouse_down event happens in any control. Than I need to discover what...
Microsoft Access / VBA
1
Datasheet Form, iterate through records
by: Johno34 | last post by:
I have this click event on my form. It speaks to a Datasheet Subform Private Sub Command260_Click() Dim r As DAO.Recordset Set r = Form_frmABCD.Form.RecordsetClone r.MoveFirst Do If...
Microsoft Access / VBA
0
DizelArs
Handling .click() in the Safari browser
by: DizelArs | last post by:
Hi all) Faced with a problem, element.click() event doesn't work in Safari browser. Tried various tricks like emulating touch event through a function: let clickEvent = new Event('click', {...
Javascript

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!