Inherited an insecure website

  • 21-03-2014 10:53AM
    #1
    Registered Users, Registered Users 2 Posts: 7,258 ✭✭✭


    Hi,

    I inherited an insecure website. It's written in C# .Net and hosted in DMZ. It used the LAN DB as its data source [OMG]. I want to cut that cord and put in a WebService as a middleman data provider.

    Web user authentication is using the standard Microsoft Membership.

    How do I secure the webservice from unauthorised use? I'm not talking about SSL encryption. But how do I prevent the webservice use without valid authentication. So, if someone breaks into the web server box, they can't just run the web service directly from a browser or SoapUI or some such?


Comments

  • Registered Users, Registered Users 2 Posts: 2,793 ✭✭✭John_Mc


    RangeR wrote: »
    Hi,

    I inherited an insecure website. It's written in C# .Net and hosted in DMZ. It used the LAN DB as its data source [OMG]. I want to cut that cord and put in a WebService as a middleman data provider.

    Web user authentication is using the standard Microsoft Membership.

    How do I secure the webservice from unauthorised use? I'm not talking about SSL encryption. But how do I prevent the webservice use without valid authentication. So, if someone breaks into the web server box, they can't just run the web service directly from a browser or SoapUI or some such?

    Authentication tokens are transmitted as part of the Header and verified before being processed.

    .Net provides this functionality out of the box so there's not much work in setting it up.

    Check this out
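
The header-token check described in the reply above, as an added example that is not code from the thread or from any .NET library. The `HeaderToken` class, the `user|expiry|signature` token format and the choice to have the service itself issue the token are assumptions made for illustration; the token string would travel in a request header and be validated before any operation runs.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Hypothetical helper inside the LAN-side service; the signing key never reaches the DMZ box.
public static class HeaderToken
{
    // Constructed demo key; a real one would come from protected configuration.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("demo-key-replace-me-32-bytes-min");
    static string Sign(string payload)
    {
        using (var hmac = new HMACSHA256(Key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }

    // Called by the service once it has checked the user's credentials itself.
    public static string Issue(string user, DateTime expiresUtc)
    {
        if (user.Contains("|")) throw new ArgumentException("user must not contain '|'");
        string payload = user + "|" + expiresUtc.Ticks;
        return payload + "|" + Sign(payload);
    }

    // Called at the top of every service operation, before any data access.
    public static bool TryValidate(string token, DateTime nowUtc, out string user)
    {
        user = null;
        int cut = token == null ? -1 : token.LastIndexOf('|');
        if (cut < 0) return false;
        string payload = token.Substring(0, cut);
        byte[] given = Encoding.UTF8.GetBytes(token.Substring(cut + 1));
        byte[] expected = Encoding.UTF8.GetBytes(Sign(payload));
        int diff = given.Length ^ expected.Length;   // compare without early exit
        for (int i = 0; i < given.Length && i < expected.Length; i++) diff |= given[i] ^ expected[i];
        string[] parts = payload.Split('|');
        long ticks = 0;
        if (diff != 0 || parts.Length != 2 || !long.TryParse(parts[1], out ticks)) return false;
        if (nowUtc.Ticks > ticks) return false;      // token has expired
        user = parts[0];
        return true;
    }

    public static void Main()
    {
        DateTime now = DateTime.UtcNow; string user;
        string token = Issue("alice", now.AddMinutes(20));   // constructed sample user
        Console.WriteLine(TryValidate(token, now, out user));                           // as issued
        Console.WriteLine(TryValidate(token.Replace("alice", "admin"), now, out user)); // user edited
        Console.WriteLine(TryValidate(token, now.AddHours(1), out user));               // past expiry
    }
}
```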

