473,385 Members | 1,712 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > .net framework > questions > how to restrict web service invokation to a few known web sites?

Join Bytes to post your question to a community of 473,385 software developers and data experts.

How to restrict web service invokation to a few known web sites?

Greetings,

I need to create a web service to be called by a few of our external
affiliated web sites. How can I restrict web service invokation to only
these affiliated web sites?

Some of the things I came up with, but seems weak
1. Check caller's url and only accept those that are in a list of authorized
web sites. But hacker can spoof the url
2. Give each site a user name and password to send over with every call. But
we can't count on them to secure this info appropriately
3. Using x509. But that seems to be overkill. We would consider this as the
last resort.

The one thing I will stick to is requiring the web service to be called over
SSL. Unless there is some draw back to that.

Please share with me your thoughts and recommendation. Many thanks in
advance.
Jun 3 '06 #1
3 2130
"Andrew V" <aa*@aaa.aaa> wrote in message
news:OW**************@TK2MSFTNGP04.phx.gbl...
Greetings,

I need to create a web service to be called by a few of our external
affiliated web sites. How can I restrict web service invokation to only
these affiliated web sites?


Andrew,

you can use IIS security setting to set only allowed IP addresses to access
the web application (service).
SSL will require you to buy client certificates for each client which may be
not the best solution.

Regards,

--
Martin Kulov
http://www.codeattest.com/blogs/martin

MVP, MCT, MCSD, MCPD

Jun 5 '06 #2
Thanks for replying Martin.

I'm worry that allowing access by ip is not strong enough as a hacker can
spoof the ip. What's your assessment of that threat?

Thanks,
Andrew.

"Martin Kulov [MVP]" <ku***@bezbokluk.abv.bg> wrote in message
news:uL****************@TK2MSFTNGP03.phx.gbl...
Andrew,

you can use IIS security setting to set only allowed IP addresses to
access the web application (service).
SSL will require you to buy client certificates for each client which may
be not the best solution.

Regards,

--
Martin Kulov
http://www.codeattest.com/blogs/martin

MVP, MCT, MCSD, MCPD

Jun 5 '06 #3
"Andrew V" <aa*@aaa.aaa> wrote in message
news:OV**************@TK2MSFTNGP04.phx.gbl...
Thanks for replying Martin.

I'm worry that allowing access by ip is not strong enough as a hacker can
spoof the ip. What's your assessment of that threat?


Well, I do not see how an Internet user can change its IP address and still
receive the response from server.

I am not a security expert but this article says so also [1].
"Misconceptions of IP Spoofing

While some of the attacks described above are a bit outdated, such as
session hijacking for host-based authentication services, IP spoofing is
still prevalent in network scanning and probes, as well as denial of service
floods. However, the technique does not allow for anonymous Internet access,
which is a common misconception for those unfamiliar with the practice. Any
sort of spoofing beyond simple floods is relatively advanced and used in
very specific instances such as evasion and connection hijacking. "

[1] http://www.securityfocus.com/infocus/1674
HTH,
Martin

Jun 7 '06 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
How can I restrict bandwidth between to SQL servers
by: Mark | last post by:
Hi I have two SQL2000 servers in different sites, once a day approximately 1M of data in the form of a large update is required to be transfered between the 2. We have use of a 2M pipe between...
Microsoft SQL Server
28
restrict
by: gc | last post by:
Hi, What is the purpose of the restrict keyword? gc
C / C++
8
Improving first access to a web service
by: murphy | last post by:
I'm programming a site that displays info from AWS Commerce Service 4.0. At each change of the asp.net application the first load of a page that uses the web service takes 30 seconds. Subsequent...
C# / C Sharp
2
Web Service Architecture question
by: John A | last post by:
I have a Web Service that I am reponsible for that we use for data integration purposes. Recently I have been tasked with sending some of this data to a third party. Because they need to receive...
.NET Framework
2
C2485 __declspec(restrict)
by: Fernando Cacciola | last post by:
Hi, I'm having a very strange problem with VC8 When compiling a library called gmp (v 4.1.4); with win32 patches applied for VC7 (VC8 is not directly supported yet), I get this error all over...
.NET Framework
1
Help in accessing a Web service
by: Nestor | last post by:
Hello all, I'm begining in the web services world and I've reading about how to invoke them using javascript from Mozilla browser (version 2.0 in my case). I found a very interesting example...
Javascript
5
Interaction of windows service with UI
by: sonali_reddy123 | last post by:
Hello all, I am trying to develop an application which will run as a windows service. The application should have Normal options available with service like start, stop and pause but along...
C# / C Sharp
5
Name or service not known
by: KyloMan | last post by:
Hi...i`m getting an error that lookks like that...name or service not known when i try to get .tgz or .tar.gz files...why ? when i try to enter on sites that contains .tgz or tar.gz files...it shows...
Linux
1
Asynchronous invokation of web service doesn't work under IIS 5.1
by: woshicike | last post by:
Hi, I created a web service. When I place it under visual studio development server, the asynchronous invokation of web methd works fine. But when I publish the web service under IIS 5.1, the...
ASP.NET
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!