|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Web services domain authorizationHi,
I have a question about authorizing access to web service. Is it possible to restrict access to certain web service based on domain name of a server requesting that web service. For example, I have a customers of my web service that have a domain name domainA.com. I would like to allow only to them to consume my web service. Or perhaps there is some better way to authorize access to web serivce? Wagner You can set this up in IIS, under the security tab for the web site/folder.
However, it is pretty easy for a hacker to "fake" the requesting address/domain. If you want better protection take a look at the security enhancements (WS-Security) in Web Services Enhancements (WSE). This allows your "trusted" clients to include some evidence (e.g. something signed with a private key), in the SOAP headers, which would be used to authenticate the caller.  
Other interesting topics
Distributed winforms application security
system.security.securityexception Web Services and Access Control sspi in c# High-strength crypto problems RSA Encrypt/Decrypt with OAEP. OAEP Decryption Error Pls Help! Passing credential between two web sites on same machin Securty around .NET setup program .NET Server Authentication |
|||||||||||||||||||||||
