Inherited an insecure website

RangeR · 21-03-2014 09:53AM #1

Hi,

I inherited an insecure website. It's written in C# .Net and hosted in DMZ. It used the LAN DB as it's data source [OMG]. I want to cut that cord and put in a WebService as a middleman data provider.

Web user authentication is using the standard Microsoft Membership.

How do I secure the webservice from unauthorised use? I'm not talking about SSL encryption. But how do I prevent the webservice use without valid authentication. So, if someone breaks into the web server box, they can't just run the web service directly from a browser of SoapUI or some such?

John_Mc · 21-03-2014 11:51AM

RangeR wrote: »

Hi,

I inherited an insecure website. It's written in C# .Net and hosted in DMZ. It used the LAN DB as it's data source [OMG]. I want to cut that cord and put in a WebService as a middleman data provider.

Web user authentication is using the standard Microsoft Membership.

How do I secure the webservice from unauthorised use? I'm not talking about SSL encryption. But how do I prevent the webservice use without valid authentication. So, if someone breaks into the web server box, they can't just run the web service directly from a browser of SoapUI or some such?

Authentication tokens are transmitted as part of the Header and verified before being processed.

.Net provides this functionality out of the box so there's not much work in setting it up.

Check this out

Inherited an insecure website

Comments