Security in .Net WS

Discussion in 'ASP .Net Web Services' started by Nathan, Jul 23, 2003.

  1. Nathan

    Nathan Guest

    Hi:
    I have a web service, which updates the database on the
    server side, when an order has been made at the client
    side (remote web site). Obviously, I can't send the
    details as plain text. So, here are my questions:

    1. Will making the web service on secure HTTP
    connection help? For example, suppose I have
    http://www.56712.com/ service.asmx. Just putting the web
    service on SSL enabled server should work, right? The
    client invokes the web methods using:
    https://www.56712.com/ service.asmx instead of the above
    URL. Will that solve?
    2. If I do encryption/decryption of the data using
    the Classes provided by .Net. I have to find equivalent
    implementations of the encryption/decryption algorithm
    for the clients (may be Java or ASP), which consume the
    web services.
    3. Are there any better methods of making the data
    passed to web method secure? If so, please help me. I
    want a solution which is truly language independent
    (irrespective of what language the client is)

    Any useful suggestions/solutions/comments are appreciated.

    Thanks in advance.

    Nathan
     
    Nathan, Jul 23, 2003
    #1
    1. Advertising

  2. Hi,

    > 1. Will making the web service on secure HTTP
    > connection help? For example, suppose I have
    > http://www.56712.com/ service.asmx. Just putting the web
    > service on SSL enabled server should work, right? The
    > client invokes the web methods using:
    > https://www.56712.com/ service.asmx instead of the above
    > URL. Will that solve?


    Yes this is a good decision.

    > 3. Are there any better methods of making the data
    > passed to web method secure? If so, please help me. I
    > want a solution which is truly language independent
    > (irrespective of what language the client is)


    If the clients will be only .NET applications, in this case
    you can use WSE for signing and encrypting your data.
    ______________________________
    With best wishes, Arthur Nesterovsky
    Please visit my home page:
    http://www.nesterovsky-bros.com
     
    Arthur Nesterovsky, Jul 23, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Aaron
    Replies:
    1
    Views:
    387
    John C. Bollinger
    Aug 4, 2003
  2. Marco
    Replies:
    1
    Views:
    2,458
    Roedy Green
    Jan 28, 2006
  3. Dinis Cruz

    Asp.Net Security Analyser (new security tool by DDPlus)

    Dinis Cruz, Oct 8, 2003, in forum: ASP .Net Security
    Replies:
    2
    Views:
    175
    Dinis Cruz
    Oct 11, 2003
  4. Michael Randrup
    Replies:
    3
    Views:
    346
    Henning Krause [MVP]
    Mar 27, 2006
  5. Kursat
    Replies:
    1
    Views:
    339
    Dominick Baier
    May 7, 2007
Loading...

Share This Page