Josh

Reputation: 8477

ASP.NET Web Service Security

I've built ASP.NET Web Services in the past that either were publicly consumed, or used Windows Authentication. I now need to build a Web Service that uses the SOAP 1.1 protocol and it needs to be secured with a username and password from the caller.

It seems setting up the infrastructure for WCP is overkill for one or two Web Services. Any other suggestions? I was also thinking of using ASP.NET 4.0 Beta; if anyone has explored that for this scenario, it would be helpful to know your opinion.

Thanks in advance for your suggestions.

Upvotes: 2

Views: 5663

Answers (3)

jinsungy

Reputation: 10835

Use SSL. Force everyone who consumes your webservice to use https.

        //Check for Secure Channel: HTTPS
        if (!Context.Request.IsSecureConnection) 
            return "The HTTP Connection must use Secure Sockets (HTTPS)";

Upvotes: 0

ntze

Reputation: 126

There are different ways of doing this. One could be enabling access to a specific set of IPs. If the IP doesn't match one in the list, then you could easily reject the call at the method level.

Otherwise, you could create another method that would return a token and then make all the relevant methods expect that token in return in order to process the request.

Upvotes: 0

Jaime

Reputation: 6814

The simple way is to create a special header that carries the auth info for every call and authenticate/authorize the user that way.

Here's some sample code: http://aspalliance.com/805_Soap_Headers_Authentication_in_Web_Services

Note that in this way you are sending a clear-text username and password, so you would want to use SSL or some kind of digest authentication.

Upvotes: 6
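The SOAP header approach from this answer, combined with the HTTPS check from the first answer, as an added example that is not code from the answers or the linked article. The names `AuthHeader`, `SecureService`, `GetData` and the single constructed user are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Web.Services;
using System.Web.Services.Protocols;

// SOAP header carrying the caller's credentials (hypothetical names).
public class AuthHeader : SoapHeader
{
    public string Username;
    public string Password;
}

[WebService(Namespace = "http://example.com/secure")] // placeholder namespace
public class SecureService : WebService
{
    public AuthHeader Credentials; // filled by ASP.NET from the request's SOAP header

    // Constructed sample user; a real service stores only a per-user salt and hash.
    private static readonly byte[] Salt = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
    private static readonly byte[] StoredHash = Derive("constructed-demo-password");

    [WebMethod]
    [SoapHeader("Credentials")]
    public string GetData()
    {
        // The header travels as plain text in the envelope, so refuse non-TLS calls.
        if (!Context.Request.IsSecureConnection)
            throw new SoapException("HTTPS is required.", SoapException.ClientFaultCode);
        if (Credentials == null || !IsValidUser(Credentials.Username, Credentials.Password))
            throw new SoapException("Authentication failed.", SoapException.ClientFaultCode);
        return "data for " + Credentials.Username;
    }

    private static bool IsValidUser(string user, string password)
    {
        if (user == null || password == null) return false;
        byte[] candidate = Derive(password);
        int diff = candidate.Length ^ StoredHash.Length;
        for (int i = 0; i < candidate.Length && i < StoredHash.Length; i++)
            diff |= candidate[i] ^ StoredHash[i]; // compare every byte, no early exit
        return diff == 0 && user == "demo-user";
    }

    private static byte[] Derive(string password)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, Salt, 100000)) // PBKDF2
            return kdf.GetBytes(32);
    }
}
```

The same failure message is returned for a missing header, an unknown user and a wrong password, so a caller cannot use the fault text to enumerate usernames.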
