Securing Web Services approach valid?

Posted by NBrowne on Stack Overflow See other posts from Stack Overflow or by NBrowne
Published on 2010-05-19T14:19:05Z Indexed on 2010/05/19 14:20 UTC
Read the original article Hit count: 192

Filed under:

web

|

service

|

c#

|

security

Hi , Currently I am looking at securing our web services. At the moment we are not using WCF so this is not an option. One approach I have seen and implemented locally fairly easily was the approach described in article:

http://www.codeproject.com/KB/aspnet/wsFormsAuthentication.aspx

Which describes adding a HttpModule which prompts for user credentials if the user browses to any pages (web services) which are contained in a services folder. Does anyone see any way that this security could fall down and could be bypassed etc. I'm really just trying to decide whether this is a valid approach to take or not?

thanks

© Stack Overflow or respective owner

Related posts about web

Why is Java EE 6 better than Spring ?

as seen on Oracle Blogs - Search for 'Oracle Blogs'
Java EE 6 was released over 2 years ago and now there are 14 compliant application servers. In all my talks around the world, a question that is frequently asked is Why should I use Java EE 6 instead of Spring ? There are already several blogs covering that topic: Java EE… >>> More
Hosting a website on Heroku.... I know how to, but im running into problems!

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I'm starting to learn more on the back-end scale of programing. Recently I started up Heroku for the second or third time. This time I actually installed the Git update to my Mac and installed Heroku in the terminal. I wanted to upload a static html site with the sinatra gem. Everything worked out… >>> More
Microsoft .NET Web Programming: Web Sites versus Web Applications

as seen on Samir ASP.NET with C# Technology - Search for 'Samir ASP.NET with C# Technology'
In .NET 2.0, Microsoft introduced the Web Site. This was the default way to create a web Project in Visual Studio 2005. In Visual Studio 2008, the Web Application has been restored as the default web Project in Visual Studio/.NET 3.x The Web Site is a file/folder based Project structure. It… >>> More
VS2008 - Unable to Add Web Reference to Web Application Project (The web services enumeration compon

as seen on Stack Overflow - Search for 'Stack Overflow'
I've run into a situation where I was unable to add a Web Reference in Visual Studio 2008 to a Web Application Project. The error I couldn't resolve was "The web services enumeration components are not available. You need to reinstall Visual Studio to add web references to your application." How… >>> More
Outlook Web Access: "Outlook Web Access has encountered a Web browsing error"

as seen on Super User - Search for 'Super User'
When one of my colleagues is accessing Outlook Web Access from IE, he frequently gets an error reported: "Outlook Web Access has encountered a Web browsing error". The error report includes the following: Client Information User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4… >>> More

Related posts about service

Service Discovery in WCF 4.0 – Part 1

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
When designing a service oriented architecture (SOA) system, there will be a lot of services with many service contracts, endpoints and behaviors. Besides the client calling the service, in a large distributed system a service may invoke other services. In this case, one service might need to know… >>> More
BES Express - failed to run Administration Service

as seen on Server Fault - Search for 'Server Fault'
Hi! I have installed BES Express on Windows Server 7 with Exchange 2007 following by RIM tutorial JDK 1.6.18, JDK\bin included into Path variable After reboot I've run Blackberry Administration Service and receive such error in browser window: HTTP Status 500 - -------------------------------------------------------------------------------- type… >>> More
Windows - Use Local Service and/or Network Service account for a windows service

as seen on Super User - Search for 'Super User'
I've created a window's service that monitors files on a specific directory on our Windows OS. When a file is detected, the service does some file I/O, reads the files, creates sub-directories, etc. This service also uses database connectivity to connect to another server. My plan is to have the… >>> More
Unable to call webservice from another webservice : NETBEANS

as seen on Stack Overflow - Search for 'Stack Overflow'
############## WEBSERVICE 1 (banking.java) package bank; import client.TestserviceService; import javax.jws.WebMethod; import javax.jws.WebService; import javax.xml.ws.WebServiceRef; @WebService() public class banking { @WebServiceRef(wsdlLocation = "WEB-INF/wsdl/localhost_23164/testwebservice/testserviceService… >>> More
.net web service: Can't add service reference, only web reference

as seen on Stack Overflow - Search for 'Stack Overflow'
I have an existing project that consumes web services. One was added as a service reference, and the other as a web reference. I don't recall why one was added as a web reference, but perhaps it's because I couldn't get it to work! The existing service reference for the one web service works fine… >>> More