 

How to secure a WCF restful service?

I used to deal with web services and we secured them using the credential header with SOAP. The calling application would need to pass a username and password in the credential header. We are now looking at using a WCF RESTful web service and want to secure it. Wondering what the best way to secure it is?

I was thinking that I could stuff a username and password in the POST variables (think that's what they are called). But is this the proper way to secure a RESTful web service?

Exitos asked Jun 09 '11 09:06


People also ask

How do you secure your WCF?

To secure an application that runs exclusively on a Windows domain, you can use the default security settings of either the WSHttpBinding or the NetTcpBinding binding. By default, anyone on the same Windows domain can access WCF services. Because those users have logged on to the network, they are trusted.

Does WCF support RESTful services?

You can use WCF to build RESTful services in .NET. REST (Representational State Transfer) is an architecture paradigm that conforms to the REST architecture principles. The REST architecture is based on the concept of resources: It uses resources to represent the state and functionality of an application.

How do I enable https access for WCF RESTful service?

Add a new WebHttpBinding configuration that has security mode set to Transport. Assign that new WebHttpBinding configuration to your service endpoint binding. Make sure that your RESTful service can only be accessed via HTTPS by setting httpGetEnabled="false". Set up the metadata publishing endpoint to use HTTPS.

Which is more secure WCF or Web API?

WCF provides a high-level security framework that offers enterprise-level security. It uses the WS-I standard to provide a secure service. Web API uses web-standard security such as basic authentication, token authentication and, for more complex cases, OAuth; Web API provides more flexibility.


1 Answer

This link describes how to use WCF with WS-Security.
This link describes what WS-Security is.
This link describes the architecture of the WCF security component.
Not sure if you can combine those with REST but know that HTTP has authentication mechanisms of its own (see Basic authentication and Digest authentication and this overview about both).
The RESTful way to do it imo would be using the HTTP authentication.
I think you have some research to be done :)

the_drow answered Sep 30 '22 23:09
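An added example, not part of the original page or the answer above: a `web.config` fragment that combines the HTTPS-only `webHttpBinding` steps listed under "People also ask" with the HTTP Basic authentication the answer recommends. The service and contract names (`Example.OrderService`, `Example.IOrderService`) and the configuration names are hypothetical, and the host (for example IIS) is assumed to have an HTTPS binding and Basic authentication enabled.

```xml
<configuration>
  <system.serviceModel>
    <bindings>
      <webHttpBinding>
        <!-- mode="Transport" requires HTTPS, so the Basic credentials
             travel inside TLS.
             Weak alternative to avoid: mode="TransportCredentialOnly"
             authenticates over plain HTTP, leaving the username and
             password only base64-encoded on the wire. -->
        <binding name="secureRest">
          <security mode="Transport">
            <!-- Use "Digest" here for HTTP Digest authentication. -->
            <transport clientCredentialType="Basic" />
          </security>
        </binding>
      </webHttpBinding>
    </bindings>

    <services>
      <!-- Hypothetical service and contract names. -->
      <service name="Example.OrderService"
               behaviorConfiguration="secureRestService">
        <endpoint address=""
                  binding="webHttpBinding"
                  bindingConfiguration="secureRest"
                  behaviorConfiguration="restEndpoint"
                  contract="Example.IOrderService" />
      </service>
    </services>

    <behaviors>
      <endpointBehaviors>
        <behavior name="restEndpoint">
          <!-- Enables the REST (web HTTP) programming model. -->
          <webHttp />
        </behavior>
      </endpointBehaviors>
      <serviceBehaviors>
        <behavior name="secureRestService">
          <!-- Metadata is published over HTTPS only. -->
          <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
```

With this in place the caller sends credentials in the standard `Authorization` header on each request rather than in POST variables.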