ASP.NET Web Service Security

Status
Not open for further replies.

malalation

Technical User
May 22, 2007
4
BH
Hello guys,
I'm currently working on an ASP.NET project. The project requires an asp.net website and a vb.net application. The website and the application must be linked to the database, so I uploaded the database with the website on a web hosting server somewhere on the Internet and created a web service and uploaded it on the web server to link the database and the vb.net application. Finally, I added the web service as a reference in the vb.net project in order to make the required function calls.

The problem is that I want more security; I mean that I should make sure that no one can add my web service as a reference in his project and make the calls and change my data. I thought of adding a password and passing it to the web service as a parameter when calling a function and the web service checks if the password is correct then it will proceed, otherwise it will not execute the code, but it seems like a very primitive way of handling this issue. So, are there any other ways to do it?
 
If the webservice is hosted on a public server then the service is available to the world. If you don't want this available to the world you need to move it into a private domain.

If it will remain on the web then you need to use an SSL cert to encrypt the communication and use authentication to validate the request.

I would recommend doing the opposite. Host the database and application within your domain and host the website on an ISP. Use your network to expose the web services for the website to reference. This will still require SSL and authentication, but your data remains within your network.

If the website is many reads, few writes you could also look at exporting a copy of the data to the website. This data could be filtered and summarized.


Jason Meckley
Programmer
Specialty Bakers, Inc.
 
Thanks a lot for the reply. I have already done the coding, so I don't think that I'll do the opposite, but I'll make some searches and I'll look for more information on the Internet about the SSL and how to use it.
Thanks again for the informative reply.
 
A method that I have used in the past is for an external app to log in and a GUID is returned by the webservice. This GUID is then passed back from the external app in the SOAP header and verified against the GUID held in the db whenever a call to a method is made, e.g. if the time was outside of 20 mins since last access the app would have to log in again.

Once completed, the external app logs off and the webservice then removes the record in the db.
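
The login / GUID / 20-minute timeout / logoff flow described in the post above, written as an ASMX web service in C# (an added example, not code from anyone in this thread). `InventoryService`, `SessionHeader`, `WhoAmI` and the namespace URI are hypothetical names. It assumes an ASP.NET membership provider checks the password, an in-memory dictionary stands in for the database table, and the service is served over SSL as recommended earlier in the thread, because the GUID is the only credential sent after login.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Web.Security;
using System.Web.Services;
using System.Web.Services.Protocols;

// Hypothetical header type: carries the session GUID on every call after Login.
public class SessionHeader : SoapHeader { public Guid Token; }
[WebService(Namespace = "http://example.invalid/inventory")] // placeholder namespace
public class InventoryService : WebService
{
    public SessionHeader Session; // filled in by ASP.NET from the request's SOAP header
    class Entry { public string User; public DateTime LastSeen; }
    static readonly TimeSpan IdleLimit = TimeSpan.FromMinutes(20);
    // In-memory stand-in for the database table described in the post.
    static readonly Dictionary<Guid, Entry> Sessions = new Dictionary<Guid, Entry>();
    [WebMethod]
    public Guid Login(string user, string password)
    {
        // Assumes an ASP.NET membership provider is configured for the site.
        if (!Membership.ValidateUser(user, password))
            throw new SoapException("Login failed", SoapException.ClientFaultCode);
        byte[] raw = new byte[16];
        RandomNumberGenerator.Create().GetBytes(raw); // token must not be guessable
        Guid token = new Guid(raw);
        lock (Sessions) Sessions[token] = new Entry { User = user, LastSeen = DateTime.UtcNow };
        return token;
    }

    [WebMethod, SoapHeader("Session")]
    public string WhoAmI() { return RequireSession().User; }
    [WebMethod, SoapHeader("Session")]
    public void Logoff() { if (Session != null) lock (Sessions) Sessions.Remove(Session.Token); }

    // Called first by every protected method; enforces the 20-minute idle limit.
    Entry RequireSession()
    {
        Entry e = null;
        lock (Sessions)
        {
            if (Session != null) Sessions.TryGetValue(Session.Token, out e);
            if (e != null && DateTime.UtcNow - e.LastSeen > IdleLimit)
            { Sessions.Remove(Session.Token); e = null; } // idle too long: log in again
            if (e != null) e.LastSeen = DateTime.UtcNow; // each valid call renews the window
        }
        if (e == null) throw new SoapException("Not logged in", SoapException.ClientFaultCode);
        return e;
    }
}
```

A Windows client that adds this service as a web reference sets the header through the generated proxy's `SessionHeaderValue` property before calling the protected methods.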
 
Thanks nicklieb for the reply.
I looked for GUID on the Internet and I visited GUID.org, but I found out that this technique is used for web browsers by using cookies, but in my case the user will log in from a VB.NET program (a Windows application), so can I use GUID in Windows Applications as well?
Thank you for taking the time and effort for replying ;-)
 