restrict access to Web Service to certain client applications

Discussion in 'ASP .Net Web Services' started by Athen, Aug 5, 2004.

  1. Athen

    Athen Guest

    I have a web service, say the name MyWebService. This service is only
    for MyClient application which means MyWebService should only serve
    MyClient application. Is there a way to do this?
     
    Athen, Aug 5, 2004
    #1
    1. Advertising

  2. I would recommend implementing authentication/authorization, for example
    using WS-Security (with WSE 2.0). If need be, you can hardwire the "secret"
    credentials into the specific client so that this is the only client whose
    Web service requests will be accepted.

    I'm sure you can come up with various creative ways to implement this (for
    example, by examining the origin of the incoming request in the
    Application_BeginRequest event handler) but any of these creative methods
    will be potentially inaccurate and worse, unsecure. So I recommend
    implementing WS-Security. It's easy to do with WSE 2.0, and it gives you the
    flexibility to expand the audience for your Web service in the future simply
    by issuing them the appropriate credentials.

    Jeffrey Hasan, MCSD
    President, Bluestone Partners, Inc.
    -----------------------------------------------
    Author of: Expert SOA in C# Using WSE 2.0 (APress, 2004)
    http://www.bluestonepartners.com/soa.aspx

    "Athen" <> wrote in message
    news:...
    > I have a web service, say the name MyWebService. This service is only
    > for MyClient application which means MyWebService should only serve
    > MyClient application. Is there a way to do this?
     
    Jeffrey Hasan, Aug 9, 2004
    #2
    1. Advertising

  3. Athen

    Athen Guest

    Jeff,

    Thank you for your info. We do use windows authentication for this web
    service. But, just authentication/authorization of the user is not
    enough. How about many applications running as this particular user
    trying to access this web service. We only want to give access to the
    particular application. I think this is some restriction check before
    authentication, if the application doesn't have access to this web
    service, we don't even try to authenticate the user.

    Thanks!
     
    Athen, Aug 11, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Anan
    Replies:
    8
    Views:
    15,675
    John C. Bollinger
    Dec 8, 2004
  2. Michael Onfrek
    Replies:
    7
    Views:
    432
    Michael Onfrek
    Jun 2, 2005
  3. puzzlecracker
    Replies:
    3
    Views:
    476
    Greg R. Broderick
    Nov 12, 2006
  4. Joshua Mostafa
    Replies:
    4
    Views:
    2,293
    Joshua Mostafa
    May 11, 2007
  5. anonym
    Replies:
    1
    Views:
    475
    Jan Thomä
    Apr 15, 2008
Loading...

Share This Page