Security is a large spectrum. You need to build with security in mind, it is
not something that you can easily lay on top of your service later. There
are many basic security features built into web services and work for most
people connecting from a IIS web server with Windows domain authentication.
For more robust implementations you need to use WSE or even third pary
solutions.
1) WebServices run over whatever port you configure the server to listen on.
That could be 80 or 443. But that is just information, it alone does not
make the service secure or insecure.
2) Login can be handled many ways. Integrated Windows, Forms, Etc. Again,
these are tools. How you use them is what makes your service secure.
This should get you started:
http://msdn.microsoft.com/webservice...y/default.aspx
HTH,
John Scragg
"UJ" wrote:
I've got a network engineer who is absolutely anal about network security.
He is questioning how secure web services are and I can't answer him with
definitive answers. Do web services run over port 80? How about port 443?
Are they secure? He's also paranoid about loginning in - is there a primer
somewhere where I can look at how to make my process connect with
authentication and make sure to keep it secure?
TIA - Jeff.