Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / October 2005

Tip: Looking for answers? Try searching our database.

Webservices and security

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
UJ - 24 Oct 2005 19:17 GMT
I've got a network engineer who is absolutely anal about network security.
He is questioning how secure web services are and I can't answer him with
definitive answers. Do web services run over port 80? How about port 443?
Are they secure? He's also paranoid about loginning in - is there a primer
somewhere where I can look at how to make my process connect with
authentication and make sure to keep it secure?

TIA - Jeff.
Reply to this Message
John Scragg - 24 Oct 2005 19:56 GMT
Security is a large spectrum.  You need to build with security in mind, it is
not something that you can easily lay on top of your service later.  There
are many basic security features built into web services and work for most
people connecting from a IIS web server with Windows domain authentication.  
For more robust implementations you need to use WSE or even third pary
solutions.

1) WebServices run over whatever port you configure the server to listen on.
That could be 80 or 443.  But that is just information, it alone does not
make the service secure or insecure.

2) Login can be handled many ways.  Integrated Windows, Forms, Etc.  Again,
these are tools.  How you use them is what makes your service secure.

This should get you started:

http://msdn.microsoft.com/webservices/webservices/building/security/default.aspx

HTH,

John Scragg

> I've got a network engineer who is absolutely anal about network security.
> He is questioning how secure web services are and I can't answer him with
[quoted text clipped - 4 lines]
>
> TIA - Jeff.
Reply to this Message
Usenet Honey Pot - 25 Oct 2005 20:53 GMT
> I've got a network engineer who is absolutely anal about network
> security. He is questioning how secure web services are and I can't
> answer him with definitive answers. Do web services run over port 80?
> How about port 443?

It's good that he's anal about network security, because you don't seem to
take it very seriously.

Web Services can be protected with a variety of methods - SSL, passing
username/passwords into it, forms authentication, Basic IIS authentication,
Windows Authentication, or using Certificates. Microsoft's Web Service
Enhancement Pack has some add-ons for security.

However, for the most part, SSL + Username/Password as parameters in your
web service function call is a good start : )

Signature

Stan Kee (spamhoneypot@rogers.com)

Reply to this Message

 Rate this thread:







Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.