Limiting potential users of a SOAP web service? Possible?
-
Hi, I have created a SOAP web service in .NET. I have a client application which consumes some methods - it essentially passes a username and password to the web service and gets back a 'signature' (for what is not important), once the username and password is correct. Obviously, this web service is exposed to the world - and could be a target for malicious users, etc. Is there any way in .NET to say "Only allow this application to use this web service"? I cannot limit the IP range, as the client app should be usable from anywhere. I'm sure this is a common problem, but have found no concrete help. Thanks, Cormac
-
Hi, I have created a SOAP web service in .NET. I have a client application which consumes some methods - it essentially passes a username and password to the web service and gets back a 'signature' (for what is not important), once the username and password is correct. Obviously, this web service is exposed to the world - and could be a target for malicious users, etc. Is there any way in .NET to say "Only allow this application to use this web service"? I cannot limit the IP range, as the client app should be usable from anywhere. I'm sure this is a common problem, but have found no concrete help. Thanks, Cormac
Please have a look at this article: Protect Your Web Services Through The Extensible Policy Framework In WSE 3.0[^] It can give you a good idea on how to go.
Hesham A. Amin My blog
-
Please have a look at this article: Protect Your Web Services Through The Extensible Policy Framework In WSE 3.0[^] It can give you a good idea on how to go.
Hesham A. Amin My blog
Thanks!