I have written a simple .NET webservice, which will be hosted on a different server, maybe on a different continent. I don't really know. Now, I only had its URL and I tried to use the WebRequest and WebResponse methods to access that web service via HTTP POST. Now, I want to know: is there any way to secure the webservice access, so that nobody can exploit it?
For example:
http://example.com/Verify/Verification.asmx/Verify?AccountNumber=3223&ProductName=876
Now, these are all the parameters required to call this webservice. As of now, anyone can exploit it. So how can I make it secure? Although, I am planning to get SSL and this whole thing is happening from server to server, not from client to server?
.NET offers the Web service developer two security options: rely on Windows security or provide custom security. You also need to disable anonymous access to the Web service. In IIS, display the properties of the Web service and select the Directory Security tab.
Security is critical to web services. However, neither XML-RPC nor SOAP specifications make any explicit security or authentication requirements.
The key Web services security requirements are authentication, authorization, data protection, and nonrepudiation. Authentication ensures that each entity involved in using a Web service—the requestor, the provider, and the broker (if there is one)—is what it actually claims to be.
You can pass a service key (much like Amazon WS) in the Authorization header of the web request, which could be encrypted with an algorithm of your choice, which is then decrypted at the service end, and execution only continues if the key matches.
See section 14.8 at the following URL:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
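A variant of the service-key idea in the answer above, as an added example that is not code from the original post: instead of sending the key itself, the caller sends an HMAC-SHA256 over a timestamp and the POST body, and the service recomputes it before doing any work. The `SvcKey` scheme name, the `keyId:timestamp:mac` header layout, the `partner-1` key id and the 300-second window are assumptions made for this sketch.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class ServiceAuth
{
    const string Scheme = "SvcKey";   // assumed scheme name, not a registered HTTP scheme
    const long MaxSkewSeconds = 300;  // assumed freshness window

    static string Mac(byte[] secret, long ts, string body)
    {
        using (var h = new HMACSHA256(secret))
            return Convert.ToBase64String(h.ComputeHash(Encoding.UTF8.GetBytes(ts + "\n" + body)));
    }

    // Caller side: value for the Authorization header of the POST.
    public static string Sign(byte[] secret, string keyId, string body, DateTimeOffset now)
    {
        long ts = now.ToUnixTimeSeconds();
        return Scheme + " " + keyId + ":" + ts + ":" + Mac(secret, ts, body);
    }

    // Service side: accept only a well-formed, fresh header whose MAC matches the body.
    public static bool Verify(byte[] secret, string keyId, string header, string body, DateTimeOffset now)
    {
        if (header == null || !header.StartsWith(Scheme + " ", StringComparison.Ordinal)) return false;
        string[] p = header.Substring(Scheme.Length + 1).Split(':');
        long ts;
        if (p.Length != 3 || p[0] != keyId || !long.TryParse(p[1], out ts)) return false;
        long delta = now.ToUnixTimeSeconds() - ts;
        if (delta > MaxSkewSeconds || delta < -MaxSkewSeconds) return false;
        byte[] got = Encoding.ASCII.GetBytes(p[2]), want = Encoding.ASCII.GetBytes(Mac(secret, ts, body));
        if (got.Length != want.Length) return false;
        int diff = 0;  // compare every byte so timing does not reveal the first mismatch
        for (int i = 0; i < want.Length; i++) diff |= got[i] ^ want[i];
        return diff == 0;
    }

    static void Main()
    {
        byte[] secret = Encoding.UTF8.GetBytes("constructed-demo-secret"); // constructed value
        string body = "AccountNumber=3223&ProductName=876";                // parameters from the question
        DateTimeOffset now = DateTimeOffset.UtcNow;
        string header = Sign(secret, "partner-1", body, now);              // "partner-1" is a made-up key id
        Console.WriteLine(Verify(secret, "partner-1", header, body, now));                // untouched request
        Console.WriteLine(Verify(secret, "partner-1", header, body + "9", now));          // body altered in transit
        Console.WriteLine(Verify(secret, "partner-1", header, body, now.AddMinutes(10))); // replayed after the window
    }
}
```

The MAC authenticates the request but does not hide it, so the call still belongs on HTTPS, and a captured request can be replayed inside the freshness window unless the service also tracks recently seen timestamps or nonces.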