software as a server

Inland Empire .NET User's Group Forums

Home

Members

Calendar

Who's On

Welcome Guest ( Login | Register )

software as a server

Rate Topic

Display Mode

Topic Options

Message

Posted 10/5/2007 9:10:59 AM

Post #46

ppearson3000

hi all,

I understand that the latest and greatest thing is sofware was a service. but I was wondering... Yeah, I can use my expression blend, and set up all my database interactivity to run from a web service. That is not a problem. It works great internally on my intranet domain. However, I don't want everybody being able to pass updates to my db using a web service that I exposed.

What is the best way to secure the web service if you are going to use this sofware as a service. I know that I can put the username and password requirement in a soap header. You pass in the hashed value and authenticate against that, but I have not seen any examples of setting that up for usage with silverlight, and the saas model. Do I need to read more about WCF?? Can anyone point me in the right direction on this???

Patrick Pearson Tongue

Posted 1/9/2008 5:09:46 PM

Post #102

mxrss

You have to remember the most important thing is that webservices are stateless, ideally you would authenticate once and pass a token that you would use for each call on the method.

bool Authenticate (ref token tok)

So say you have MyMeth(token could be a GUID (extremly hard to guess! also you could encrypt the stream real quick using sql and send back a binary blob.

you would have a session table and reauthorize the connection so long as it is in the lifetime of the object (time outs)

also to use your webservice you could require people to send a KEY like google does for thier webservice and lock it down to the DNS host name that is using it.

- Mike

Posted 1/9/2008 5:10:35 PM

Post #103

mxrss

also i believe WCF has a security interface for webservices.

« Prev Topic | Next Topic »

Permissions

All times are GMT -8:00, Time now is 10:35am