single secure web service call

Kevin Richards

I have a .NET web service that needs to be called from any platform. I need
to make the Login method of the web service secure. It doesnt matter about
the remaining methods, just the password parameter of the Login call needs to
be encrypted. Trying to do this platform independently seems to be
difficult. I feel certificates is a bit over the top for what I am trying to
acheive.

Does anyone know of a way to make a single mthod of a web service secure, or
the simplest way to make a web service secure (encrypted), just for
authentication?

Nov 23 '05 #1

Subscribe Reply

2030

NuTcAsE

The simplest way of securing a password being sent to a web service is
to have it go through a one way hash and send the base64 representation
of the hashed password. Then on your web service, you can look up the
password from your user data store and hash the stored password for the
user and compare the two hashes. If they match the password is valid
and the user can log in and use your service. The thing to remember
here is that both the client and the sevice must use the same hashing
algorithm like MD5 or SHA.

This usually works for me as there is no need to using either symmetric
or asymmetric encryption (as a result no key sharing), and hashing the
password is secure enough. You might also want to use a salt value
while hashing your password to avoid replay attacks.

Nov 23 '05 #2

NuTcAsE

you could also check out Web Service Enhancements (WSE). It implements
WS-Security spec and allows various ways to secure your web service.

http://msdn.microsoft.com/library/?u...326ff206ed.asp

Nov 23 '05 #3

Dilip Krishnan

Hello Kevin,
Especially since you want your service to be called from any platform
you would need to use standard authentication mechanisms i.e. WS-Security
and use the username token profile... I'd suggest you use WSE [0]

[0] - http://msdn.microsoft.com/webservice...e/default.aspx
[1] - http://msdn.microsoft.com/webservice...wssecdrill.asp
[2] - http://www.devx.com/dotnet/Article/19986/0/page/1
HTH
Regards,
Dilip Krishnan
MCAD, MCSD.net
dkrishnan at geniant dot com
http://www.geniant.com

I have a .NET web service that needs to be called from any platform.
I need to make the Login method of the web service secure. It doesnt
matter about the remaining methods, just the password parameter of the
Login call needs to be encrypted. Trying to do this platform
independently seems to be difficult. I feel certificates is a bit
over the top for what I am trying to acheive.

Does anyone know of a way to make a single mthod of a web service
secure, or the simplest way to make a web service secure (encrypted),
just for authentication?

Nov 23 '05 #4

Similar topics

4537

Secure WebService Failing

by: Matt Sollars | last post by:

I've struggled with this problem, and it's lack of examples, for a couple of months now. On several different web applications that we have written, we need to communicate with a credit card...

ASP.NET

2305

Single Sign On

by: EricMatz | last post by:

I work for a medium-sized insurance company, developing web-based systems for our independent agents. There are four primary applications we provide - one that serves as an agent portal (ASP), and...

ASP.NET

4942

Single Threaded Web Service

by: ben | last post by:

I am needing a web service to be single threaded. Is this possible? Any ideas would be helpful

.NET Framework

3476

Call secure web services from Excel 2003

by: mron0210 | last post by:

Hi, I have created a web service using Visual Studio .Net (Visual Studio Tools for Office : Excel project) and secured it using WSE 2.0. I have added a hyperlink in the Excel sheet which...

.NET Framework

2407

Single Sign On / Authentication System?

by: Spam Catcher | last post by:

Hi all, I'm looking to implement a single sign on solution for .NET applications. This single sign on solution will need to work against a variety of back- end databases (i.e. SQL (mainly),...

Visual Basic .NET

3527

Could not create SSL/TLS secure channel inside my web service

by: =?Utf-8?B?RmlsaXBwbyBCZXR0aW5hZ2xpbw==?= | last post by:

I have developed a web service under ASP.NET2. this web service call another web service which need a SSL connection. Therefore I pass, to be able to connect, I pass credential and certificate ...

.NET Framework

1470

Capturing a Client Cert and Passing it to a Secure Web Service

by: hepsubah | last post by:

I'm trying to capture a client cert in my ASP.NET application, and use that cert as the client cert for a call to secure web service. I've used the following code, but am getting a 403 error on...

ASP.NET

7725

Single Instance web service??

by: =?Utf-8?B?YWVzcGVy?= | last post by:

Is there such a thing as a single instance web service? Is it possible to have all calls to a web service share one property value by declaring it as static? I know web service should be stateless,...

.NET Framework

1690

call secure web service (thru cer) from a web service

by: =?Utf-8?B?VFRL?= | last post by:

I have a vb.net web service. I am trying to call another webservice that is secured through certificate. I have received the certificate file and I am trying to call the service using the file. I...

.NET Framework

7260

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...

General

7384

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...

C / C++

7537

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

Online Marketing

7099

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...

Windows Server

5086

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...

Microsoft Access / VBA

3233

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...

Networking - Hardware / Configuration

3222

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

799

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP

456

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...

General