Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Web Services > Secure access to my hosted web service

Reply
Thread Tools

Secure access to my hosted web service

 
 
Jason James
Guest
Posts: n/a
 
      08-17-2006
Guys,

I am developing a web service that will be hosted by
a web hosting company and therefore will be in the
public domain. Since the service accesses a DB I
would like to ensure that only authorised applications/
users have access to the web service. Does anyone
have any suggests how I might go about this
security task?

Changing folder permissions, etc at the hosting
company is probably more trouble than it is worth!!

Kind regards,

Jason.
 
Reply With Quote
 
 
 
 
Josh Twist
Guest
Posts: n/a
 
      08-17-2006
You could use WSE
(http://msdn.microsoft.com/webservice...e/default.aspx)
to implement security directly into your webservice. WSE supports lots
of security implementations from username/pasword to certificates and
combinations thereof.

Josh
http://www.thejoyofcode.com/

Jason James wrote:
> Guys,
>
> I am developing a web service that will be hosted by
> a web hosting company and therefore will be in the
> public domain. Since the service accesses a DB I
> would like to ensure that only authorised applications/
> users have access to the web service. Does anyone
> have any suggests how I might go about this
> security task?
>
> Changing folder permissions, etc at the hosting
> company is probably more trouble than it is worth!!
>
> Kind regards,
>
> Jason.


 
Reply With Quote
 
 
 
 
Jason James
Guest
Posts: n/a
 
      08-21-2006
Josh,

thanks for the info. I'm not sure if my hoster has this .NET
extension installed. Are there any other ways using the
standard .NET framework components that anyone can
think of?

Regards,

Jason

On 17 Aug 2006 03:57:27 -0700, "Josh Twist" <(E-Mail Removed)>
wrote:

>You could use WSE
>(http://msdn.microsoft.com/webservice...e/default.aspx)
>to implement security directly into your webservice. WSE supports lots
>of security implementations from username/pasword to certificates and
>combinations thereof.
>
>Josh
>http://www.thejoyofcode.com/
>
>Jason James wrote:
>> Guys,
>>
>> I am developing a web service that will be hosted by
>> a web hosting company and therefore will be in the
>> public domain. Since the service accesses a DB I
>> would like to ensure that only authorised applications/
>> users have access to the web service. Does anyone
>> have any suggests how I might go about this
>> security task?
>>
>> Changing folder permissions, etc at the hosting
>> company is probably more trouble than it is worth!!
>>
>> Kind regards,
>>
>> Jason.

 
Reply With Quote
 
Josh Twist
Guest
Posts: n/a
 
      08-21-2006
You could just secure it yourself with a username/password SoapHeader.
This is very easy to do, you'd just need to create a securityUser table
with a username and password (salted and hashed, of course). Then check
this table inside your webmethod and throw a SoapException if you
receive an incorrect username/password.

If you can, use HTTPS to be sure that the username and password can't
be sniffed and the contents read by third parties.

Josh


Jason James wrote:
> Josh,
>
> thanks for the info. I'm not sure if my hoster has this .NET
> extension installed. Are there any other ways using the
> standard .NET framework components that anyone can
> think of?
>
> Regards,
>
> Jason
>
> On 17 Aug 2006 03:57:27 -0700, "Josh Twist" <(E-Mail Removed)>
> wrote:
>
> >You could use WSE
> >(http://msdn.microsoft.com/webservice...e/default.aspx)
> >to implement security directly into your webservice. WSE supports lots
> >of security implementations from username/pasword to certificates and
> >combinations thereof.
> >
> >Josh
> >http://www.thejoyofcode.com/
> >
> >Jason James wrote:
> >> Guys,
> >>
> >> I am developing a web service that will be hosted by
> >> a web hosting company and therefore will be in the
> >> public domain. Since the service accesses a DB I
> >> would like to ensure that only authorised applications/
> >> users have access to the web service. Does anyone
> >> have any suggests how I might go about this
> >> security task?
> >>
> >> Changing folder permissions, etc at the hosting
> >> company is probably more trouble than it is worth!!
> >>
> >> Kind regards,
> >>
> >> Jason.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Secure your digital information assets with Secure Auditor. SecureWindows with Secure Auditor alannis.albert@googlemail.com Cisco 0 04-14-2008 06:53 AM
Secure your digital information assets with Secure Auditor SecureWindows with Secure Auditor alannis.albert@googlemail.com Cisco 0 04-14-2008 06:52 AM
WEB-Service versus Service hosted by System.Runtime.Remoting in windows-Application Peter Stojkovic ASP .Net Web Services 0 03-30-2006 03:14 PM
Cannot access web service on secure web site Chris Clement ASP .Net Web Services 2 08-12-2003 05:36 PM



Advertisments