Hello,

I'm developing an project, which consists in a webservice and a client application. It's a fair simple scenario. The webservice is connected to a database server, and the client consumes from the webserver in order to get information retrieved from the database.

The thing is: 1. The client application can only display data after a previous authentication; 2. All the data transferred between Web Service and clients must be confidential; 3. Data integrity shouldn’t be compromised;

I'm wondering what is the best way to achieve these requirements. The first thing I thought about, was sending the server a digital signature containing a client certificate, to be stored in the server, and used as comparison for authentication. But I investigated a little about webservice security, and I'm no longer certain that this is the best option.

Can anyone give me an opinion about this?

TIA