Securing web service

Hi

How can I make sure that no one else can call and receive data from my web
methods?

Thanks

Regards
Nov 21 '05 #1
Turn the server off.

"John" <jo**@nospam.infovis.co.uk> wrote in message
news:#s*************@tk2msftngp13.phx.gbl...
Hi

How can I make sure that no one else can call and receive data from my web
methods?

Thanks

Regards

Nov 21 '05 #2
That was a nice joke. LOL.

Well, I assume that you don't want to give access to your webservice to the
unauthorized users.

1. Use sessions in your web methods in application layer
2. Use SSL in transport layer

More can be found under
http://msdn.microsoft.com/library/de...SecNetch10.asp
http://msdn.microsoft.com/library/de...OAPHeaders.asp

Regards,
R.Balaji
"Dale" <da************@msndotcomNot.Net> wrote in message
news:ua**************@TK2MSFTNGP10.phx.gbl...
Turn the server off.

"John" <jo**@nospam.infovis.co.uk> wrote in message
news:#s*************@tk2msftngp13.phx.gbl...
Hi

How can I make sure that no one else can call and receive data from my web methods?

Thanks

Regards


Nov 21 '05 #3
You could only send the wsdl defining your service to the people who are
entitled to use it, i.e. Don't publish the WSDL which would include endpoint
details etc.

Additionally you could look at implementing WS-Security from MS. This would
validate any user who tried to use your service. The implementation is very
straightforward.
Search for "WS-Security Authentication and Digital Signatures with Web
Services Enhancements" in msdn.
"John" <jo**@nospam.infovis.co.uk> wrote in message
news:%2***************@tk2msftngp13.phx.gbl...
Hi

How can I make sure that no one else can call and receive data from my web
methods?

Thanks

Regards

Nov 21 '05 #4
I've always put a username / password params in each of my web methods. I
then validate the user on each method call, and THEN do the real work of the
web method.

You can authenticate that username / password against a hardcoded value, a
database value, or a web.config value.

Michael

"John" <jo**@nospam.infovis.co.uk> wrote in message
news:%2***************@tk2msftngp13.phx.gbl...
Hi

How can I make sure that no one else can call and receive data from my web
methods?

Thanks

Regards

Nov 21 '05 #5
John wrote:
How can I make sure that no one else can call and receive data
from my web methods?


Rather than hardcoding security logic into your applications
(as described in separate answers in this thread) you can use
a separate SOAP Firewall that allows you to

- integrate security transparently (i.e. without modifying
application code) even in multi-vendor deployments

- manage your security policies centrally, using a professional
admin console GUI

You may want to take a look at Xtradyne's WS-DBC (Domain Boundary
Controller), which delivers comprehensive security and enterprise-
grade performance. See http://www.xtradyne.com for more info.

Regards, Gerald.
--
Dr. Gerald Brose mailto:br***@xtradyne.com
Xtradyne Technologies http://www.xtradyne.com
Schoenhauser Allee 6-7, Phone: +49-30-440 306-27
D-10119 Berlin, Germany Fax : +49-30-440 306-78
Nov 21 '05 #6
Your username/password can be viewed by an attacker if your transport is HTTP.
Then he can do something else after obtaining the username/password. He can also
change the request message, with knowledge of the meaning of the original message,
without being detected by your web service. The best way is to go with SSL using a client
certificate as security token, to encrypt and sign the message. Search for WSE in
MSDN.

"Michael Pearson" wrote:
I've always put a username / password params in each of my web methods. I
then validate the user on each method call, and THEN do the real work of the
web method.

You can authenticate that username / password against a hardcoded value, a
database value, or a web.config value.

Michael

"John" <jo**@nospam.infovis.co.uk> wrote in message
news:%2***************@tk2msftngp13.phx.gbl...
Hi

How can I make sure that no one else can call and receive data from my web
methods?

Thanks

Regards


Nov 21 '05 #7
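
An added example, not code from any poster in this thread: the per-call credential check from reply #5, carried in a SOAP header and refused over plain HTTP, which is the exposure reply #7 describes. It assumes .NET Framework 2.0 or later; the class names, the namespace URI and the `SvcUser`, `SvcSalt` and `SvcHash` appSettings keys are hypothetical.

```csharp
using System;
using System.Configuration;
using System.Security.Cryptography;
using System.Web.Services;
using System.Web.Services.Protocols;

// Credentials travel in a SOAP header instead of in every method's parameter list.
public class AuthHeader : SoapHeader
{
    public string Username;
    public string Password;
}

[WebService(Namespace = "http://example.invalid/orders")] // placeholder namespace
public class OrderService : WebService
{
    public AuthHeader Credentials; // filled in by ASP.NET from the request header

    [WebMethod]
    [SoapHeader("Credentials")]
    public string GetOrderStatus(int orderId)
    {
        Authorize();                            // validate the caller first
        return "status for order " + orderId;   // placeholder for the real work
    }

    private void Authorize()
    {
        // Reject plain HTTP so credentials sent in clear text are never accepted.
        if (!Context.Request.IsSecureConnection)
            throw new SoapException("HTTPS required", SoapException.ClientFaultCode);
        // The header is null when the client did not send it.
        if (Credentials == null || Credentials.Username == null || Credentials.Password == null)
            throw new SoapException("Missing credentials", SoapException.ClientFaultCode);
        // Hypothetical web.config keys: a salt and PBKDF2 hash are stored, not the password.
        string user = ConfigurationManager.AppSettings["SvcUser"];
        byte[] salt = Convert.FromBase64String(ConfigurationManager.AppSettings["SvcSalt"]);
        byte[] expected = Convert.FromBase64String(ConfigurationManager.AppSettings["SvcHash"]);
        byte[] actual = new Rfc2898DeriveBytes(Credentials.Password, salt, 100000).GetBytes(expected.Length);
        bool ok = FixedTimeEquals(actual, expected) & (Credentials.Username == user);
        if (!ok) throw new SoapException("Access denied", SoapException.ClientFaultCode);
    }

    // Compares every byte instead of returning at the first mismatch.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The HTTPS check only stops the server from honouring credentials sent in clear text; the client must also be pointed at an `https://` endpoint so the header is never transmitted unencrypted.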
