encrypting soap in .net

Question

I have been trying to encrypt soap message and send to the server, so that the server can decrypt, process the message, encrypt the response again and send back to the client...

I short i want to implement security in ASMX web services....

Please help me

Thanks Sandeep

Answer 1

HTTPS is a standard for encrypting web services. I use this for encrypting a web service.

Answer 2

https and soap extensions are good solutions; you can always 'roll your own' by encryting the inputs and outputs directly

[WebMethod]
public string SecureMethodX(string secureInput)
{
    string plainText = decrypt(secureInput);
    //do something...
    string encryptedResult = encrypt(someResult);
    return encryptedResult;
}

this becomes a pain if you have several methods, but if you have a specific one-off need (such as passing hardware fingerprints and/or license keys between client and server) then this solution is probably the simplest to implement

Answer 3

Take a look at SOAP extensions. They allow you to monkey with the SOAP stream on both the client and server. They're nice because you can leave your service code alone - manipulation occurs before a webmethod begins and after it ends. They work a lot like an HttpModule but can be included on the client/request side as well.

• http://msdn.microsoft.com/en-us/library/system.web.services.protocols.soapextension.aspx
• http://msdn.microsoft.com/en-us/magazine/cc164007.aspx
• http://www.theserverside.net/tt/articles/showarticle.tss?id=SOAPExtensions

Answer 4

What's wrong with using HTTPS?