
Securing Web Services approach valid?

Currently I am looking at securing our web services. At the moment we are not using WCF, so this is not an option. One approach I have seen and implemented locally fairly easily was the approach described in this article:

http://www.codeproject.com/KB/aspnet/wsFormsAuthentication.aspx

It describes adding an HttpModule which prompts for user credentials if the user browses to any pages (web services) which are contained in a services folder. Does anyone see any way that this security could fall down and could be bypassed, etc.? I'm really just trying to decide whether this is a valid approach to take or not.

Thanks

Seems a bit clumsy to have a person browse to a page in order to use a web service, which is typically done programmatically.

You can simply hide your web services behind forms authentication, and have an authentication endpoint that sets the forms ticket.

The service client would then just hang on to the CookieContainer and use it for subsequent requests.

Whatever you do, you must ensure that any pipe that has credentials going through it is secured via SSL.
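
The client side of the pattern described in this answer, as an added example that is not part of the original post: it logs in once, keeps the forms ticket in a `CookieContainer`, and refuses to run over anything but HTTPS. The host, the `Auth.asmx/Login` path and the form field names are hypothetical, and the cookie name assumes the ASP.NET default `.ASPXAUTH`.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;

// Added example. Paths and form field names are hypothetical placeholders.
public sealed class ServiceClient : IDisposable
{
    private readonly CookieContainer _jar = new CookieContainer();
    private readonly HttpClient _http;
    private readonly Uri _base;

    public ServiceClient(Uri baseAddress)   // e.g. https://services.example.com/services/
    {
        // Refuse to send credentials or the ticket over anything but TLS.
        if (baseAddress.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Service base address must be https.");
        _base = baseAddress;
        // Forms authentication answers an unauthenticated call with a 302 to the
        // login page; surface that instead of silently following it.
        var handler = new HttpClientHandler { CookieContainer = _jar, AllowAutoRedirect = false };
        _http = new HttpClient(handler) { BaseAddress = baseAddress };
    }

    public async Task LoginAsync(string user, string password)
    {
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
            { ["username"] = user, ["password"] = password });
        using (var resp = await _http.PostAsync("Auth.asmx/Login", form))
            resp.EnsureSuccessStatusCode();
        // Check that a ticket was issued and that it is restricted to HTTPS.
        Cookie ticket = _jar.GetCookies(_base)[".ASPXAUTH"];
        if (ticket == null) throw new InvalidOperationException("No forms ticket issued.");
        if (!ticket.Secure) throw new InvalidOperationException("Ticket cookie lacks the Secure flag.");
    }

    public async Task<string> CallAsync(string relativePath)
    {
        using (var resp = await _http.GetAsync(relativePath))
        {
            if (resp.StatusCode == HttpStatusCode.Redirect)
                throw new UnauthorizedAccessException("Ticket missing or expired; log in again.");
            resp.EnsureSuccessStatusCode();
            return await resp.Content.ReadAsStringAsync();
        }
    }
    public void Dispose() => _http.Dispose();
}
```

The `Secure` check only passes if the server issues the ticket with `requireSSL="true"` on the `<forms>` element, which keeps the cookie off plain-HTTP requests.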
