Inland Empire .NET User's Group Forums / .NET Development - New and Upcoming Features / Windows Communication Foundation (WCF) / software as a server / Latest Posts

RE: software as a server

mxrss — Wed, 09 Jan 2008 17:10:35 GMT

also i believe WCF has a security interface for webservices.

RE: software as a server

mxrss — Wed, 09 Jan 2008 17:09:46 GMT

You have to remember the most important thing is that webservices are stateless, ideally you would authenticate once and pass a token that you would use for each call on the method.

bool Authenticate (ref token tok)

So say you have MyMeth(token could be a GUID (extremly hard to guess! also you could encrypt the stream real quick using sql and send back a binary blob.

you would have a session table and reauthorize the connection so long as it is in the lifetime of the object (time outs)

also to use your webservice you could require people to send a KEY like google does for thier webservice and lock it down to the DNS host name that is using it.

- Mike

software as a server

ppearson3000 — Fri, 05 Oct 2007 09:10:59 GMT

hi all,

I understand that the latest and greatest thing is sofware was a service. but I was wondering... Yeah, I can use my expression blend, and set up all my database interactivity to run from a web service. That is not a problem. It works great internally on my intranet domain. However, I don't want everybody being able to pass updates to my db using a web service that I exposed.

What is the best way to secure the web service if you are going to use this sofware as a service. I know that I can put the username and password requirement in a soap header. You pass in the hashed value and authenticate against that, but I have not seen any examples of setting that up for usage with silverlight, and the saas model. Do I need to read more about WCF?? Can anyone point me in the right direction on this???