Secure access to my hosted web service

Discussion in 'ASP .Net Web Services' started by Jason James, Aug 17, 2006.

  1. Jason James

    Jason James Guest

    Guys,

    I am developing a web service that will be hosted by
    a web hosting company and therefore will be in the
    public domain. Since the service accesses a DB I
    would like to ensure that only authorised applications/
    users have access to the web service. Does anyone
    have any suggestions how I might go about this
    security task?

    Changing folder permissions, etc at the hosting
    company is probably more trouble than it is worth!!

    Kind regards,

    Jason.
     
    Jason James, Aug 17, 2006
    #1

  2. Jason James

    Josh Twist Guest

    You could use WSE
    (http://msdn.microsoft.com/webservices/webservices/building/wse/default.aspx)
    to implement security directly into your webservice. WSE supports lots
    of security implementations from username/password to certificates and
    combinations thereof.

    Josh
    http://www.thejoyofcode.com/

    Jason James wrote:
    > Guys,
    >
    > I am developing a web service that will be hosted by
    > a web hosting company and therefore will be in the
    > public domain. Since the service accesses a DB I
    > would like to ensure that only authorised applications/
    > users have access to the web service. Does anyone
    > have any suggestions how I might go about this
    > security task?
    >
    > Changing folder permissions, etc at the hosting
    > company is probably more trouble than it is worth!!
    >
    > Kind regards,
    >
    > Jason.
     
    Josh Twist, Aug 17, 2006
    #2

  3. Jason James

    Jason James Guest

    Josh,

    thanks for the info. I'm not sure if my hoster has this .NET
    extension installed. Are there any other ways using the
    standard .NET framework components that anyone can
    think of?

    Regards,

    Jason

    On 17 Aug 2006 03:57:27 -0700, "Josh Twist" <>
    wrote:

    >You could use WSE
    >(http://msdn.microsoft.com/webservices/webservices/building/wse/default.aspx)
    >to implement security directly into your webservice. WSE supports lots
    >of security implementations from username/password to certificates and
    >combinations thereof.
    >
    >Josh
    >http://www.thejoyofcode.com/
    >
    >Jason James wrote:
    >> Guys,
    >>
    >> I am developing a web service that will be hosted by
    >> a web hosting company and therefore will be in the
    >> public domain. Since the service accesses a DB I
    >> would like to ensure that only authorised applications/
    >> users have access to the web service. Does anyone
    >> have any suggestions how I might go about this
    >> security task?
    >>
    >> Changing folder permissions, etc at the hosting
    >> company is probably more trouble than it is worth!!
    >>
    >> Kind regards,
    >>
    >> Jason.
     
    Jason James, Aug 21, 2006
    #3
  4. Jason James

    Josh Twist Guest

    You could just secure it yourself with a username/password SoapHeader.
    This is very easy to do, you'd just need to create a securityUser table
    with a username and password (salted and hashed, of course). Then check
    this table inside your webmethod and throw a SoapException if you
    receive an incorrect username/password.

    If you can, use HTTPS to be sure that the username and password can't
    be sniffed and the contents read by third parties.

    Josh


    Jason James wrote:
    > Josh,
    >
    > thanks for the info. I'm not sure if my hoster has this .NET
    > extension installed. Are there any other ways using the
    > standard .NET framework components that anyone can
    > think of?
    >
    > Regards,
    >
    > Jason
    >
    > On 17 Aug 2006 03:57:27 -0700, "Josh Twist" <>
    > wrote:
    >
    > >You could use WSE
    > >(http://msdn.microsoft.com/webservices/webservices/building/wse/default.aspx)
    > >to implement security directly into your webservice. WSE supports lots
    > >of security implementations from username/password to certificates and
    > >combinations thereof.
    > >
    > >Josh
    > >http://www.thejoyofcode.com/
    > >
    > >Jason James wrote:
    > >> Guys,
    > >>
    > >> I am developing a web service that will be hosted by
    > >> a web hosting company and therefore will be in the
    > >> public domain. Since the service accesses a DB I
    > >> would like to ensure that only authorised applications/
    > >> users have access to the web service. Does anyone
    > >> have any suggestions how I might go about this
    > >> security task?
    > >>
    > >> Changing folder permissions, etc at the hosting
    > >> company is probably more trouble than it is worth!!
    > >>
    > >> Kind regards,
    > >>
    > >> Jason.
     
    Josh Twist, Aug 21, 2006
    #4
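
    The SoapHeader approach from post #4, sketched as an added example (not code from the thread). It assumes .NET Framework 4.7.2 or later, a connection string named "Main", and a securityUser table with username, salt and passwordHash columns; the class, method and column names are all assumptions.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Web.Services;
using System.Web.Services.Protocols;
// Header the client sends with every call (hypothetical class and field names).
public class AuthHeader : SoapHeader { public string Username; public string Password; }

[WebService(Namespace = "http://example.invalid/")]
public class SecureService : WebService
{
    public AuthHeader Credentials;   // filled in by ASP.NET from the SOAP header
    [WebMethod]
    [SoapHeader("Credentials")]
    public string WhoAmI()
    {
        // Refuse plain HTTP, and return one fault for every kind of failure.
        if (!Context.Request.IsSecureConnection || Credentials == null
            || !IsValid(Credentials.Username, Credentials.Password))
            throw new SoapException("Authentication failed.", SoapException.ClientFaultCode);
        return "Authenticated as " + Credentials.Username;
    }

    // Assumed schema: securityUser(username, salt VARBINARY(16), passwordHash VARBINARY(32)).
    static bool IsValid(string user, string password)
    {
        if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(password)) return false;
        string cs = ConfigurationManager.ConnectionStrings["Main"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT salt, passwordHash FROM securityUser WHERE username = @u", conn))
        {
            cmd.Parameters.AddWithValue("@u", user);   // parameterised, never concatenated
            conn.Open();
            using (var r = cmd.ExecuteReader())
            {
                if (!r.Read()) return false;           // unknown user
                byte[] salt = (byte[])r["salt"], stored = (byte[])r["passwordHash"];
                using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000, HashAlgorithmName.SHA256))
                {
                    byte[] actual = kdf.GetBytes(stored.Length);
                    int diff = 0;                      // compare without early exit
                    for (int i = 0; i < stored.Length; i++) diff |= actual[i] ^ stored[i];
                    return diff == 0;
                }
            }
        }
    }
}
```

    The stored passwordHash must be produced at enrolment with the same PBKDF2 parameters (SHA-256, 100000 iterations, per-user random salt).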