After having a look at the article, .NET Web Services Security, I feel as though the author was very informative for readers to understand what is required of a .NET secure web service. The article informs readers as to why security in web services is important, and what goes along with that security, such as several authentication techniques, and the log-in method.
Persons looking for insight on creating .NET web services should understand why it is important to include security with that service. Web service are all about connecting businesses, and if your service isn't safe, no one will want to do business with you. If a web service has no authentication or passwords, there will be no way to create a reliable user base for persons to shop / communicate on the web service.
A web service needs authentication, otherwise there is no way to validate that a user is actually who they say they are. Basic authentication requires callers to send credentials to the server. There are several different paths that can be used for authentication on a web service. The following are some of the authentication that the author of the article mentions: Basic Windows Authentication, Digest Windows Authentication, Integrated Windows Authentication, and Custom Authentication.
The log-in method is a very basic method used by a web service to accept a users credentials. It should only be used over HTTPS since credentials are sent over clear text (easily visible, not hidden or encrypted).
I believe that anyone interested in creating a .NET web service should highly consider security as one of their top concerns. If their is no authentication, or even the use of the basic log-in method and its requirements, then two things will most likely happen: Your business won't be trusted by users or especially other businesses, and the web service will probably become a playground for a hacker somewhere who would see an unsecure web service like a child sees a candy store.
Blog by Hans Harvey
Blog Post 11
Sources-
Author: Juval Lowy
Title: .NET Web Services Security
Address: http://www.codemag.com/Article/0307071
No comments:
Post a Comment