Creating Secure Web Service for consumption from iOS iPad app

Question
User853399013 posted
Hi,
I have about 1 year of .NET experience and I am trying to create an iPad app that will store data in a SQL Server database. Eventually this app will be on Android as well, etc.
I need to create a web service that is secure and uses token keys or session keys, so that once the user is logged in it keeps this info and the services are there to update/insert/delete from tables using the .NET web service. I want to use SQL Server as the database backend because I have extensive experience in databases, and to use IIS. I also don't want to use any free service like Parse, etc. I'm having a hard time finding clear examples of this anywhere on Google. Basically what I want is as below:
1. When the user logs in from the iPad app, it authenticates whether the user exists or not via the web service and checks the DB. If successful, it logs in the user.
2. Once logged in, the user is able to insert, update and delete the various data that the app handles, and the app uses the web service to insert, update, delete, etc.
3. The web services should only be usable by the app with the correct session ID or token ID, so that no one else will be able to use the web service. The website will be using HTTPS so it will be secure. I don't want to use certificates for the iPad app.
Can anyone help me create this, show me step by step, or point me to links that have this? I would be forever grateful and somehow return the favor.
Thank you.
Wednesday, February 17, 2016 12:16 AM
Answers
User36583972 posted
Hi zlvdx,
From your description, I suggest you use Web API to implement your web service. The following tutorials can help you.
1: How to create a Web API program:
http://www.asp.net/web-api/overview/getting-started-with-aspnet-web-api/tutorial-your-first-web-api
2: You can restrict the controller by using custom authorization filters. The filter allows any authenticated user to access the restricted methods. You can also limit access to specific users or to users in specific roles.
http://www.asp.net/web-api/overview/security/authentication-and-authorization-in-aspnet-web-api
3: Secure a Web API with Individual Accounts and Local Login in ASP.NET Web API 2.2:
http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api
4: You can also use tokens based on RSACryptoServiceProvider (public/private keys) to make your application secure. The following tutorial implements RSA public/private tokens in the Web API service.
http://codebetter.com/johnvpetersen/2012/04/02/making-your-asp-net-web-apis-secure/
Best Regards,
Yohann Lu
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Wednesday, February 17, 2016 5:46 AM
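As an added example (not code from this thread or from the linked tutorials), the custom authorization filter suggested in point 2 can check a signed, expiring token that the login action hands to the app. It uses an HMAC-SHA256 signature rather than the RSA scheme from point 4, and `SessionToken`, `RequireSessionTokenAttribute`, the `Key` field and the token layout are hypothetical names and choices made for illustration, assuming ASP.NET Web API 2.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
// Hypothetical helper. Token layout (an assumption): base64(user|expiryTicks).base64(HMAC)
public static class SessionToken
{
    public static byte[] Key; // assumption: set once at startup from protected config, 32+ random bytes
    static byte[] Sign(byte[] data) { using (var h = new HMACSHA256(Key)) return h.ComputeHash(data); }
    public static string Issue(string user, TimeSpan lifetime) // call after the login check succeeds
    {
        var payload = Encoding.UTF8.GetBytes(user + "|" + DateTime.UtcNow.Add(lifetime).Ticks);
        return Convert.ToBase64String(payload) + "." + Convert.ToBase64String(Sign(payload));
    }
    public static bool TryValidate(string token, out string user)
    {
        user = null;
        var parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        byte[] payload, sig;
        try { payload = Convert.FromBase64String(parts[0]); sig = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }
        var expected = Sign(payload);
        int diff = sig.Length ^ expected.Length; // compare without an early exit on first mismatch
        for (int i = 0; i < sig.Length && i < expected.Length; i++) diff |= sig[i] ^ expected[i];
        if (diff != 0) return false; // signature does not match: forged or altered token
        var text = Encoding.UTF8.GetString(payload);
        int bar = text.LastIndexOf('|');
        long ticks;
        if (bar < 1 || !long.TryParse(text.Substring(bar + 1), out ticks) || ticks < DateTime.UtcNow.Ticks) return false;
        user = text.Substring(0, bar);
        return true;
    }
}
public class RequireSessionTokenAttribute : AuthorizationFilterAttribute // put on controllers used after login
{
    public override void OnAuthorization(HttpActionContext ctx)
    {
        var auth = ctx.Request.Headers.Authorization; // expects "Authorization: Bearer <token>"
        string user;
        if (auth != null && auth.Scheme == "Bearer" && SessionToken.TryValidate(auth.Parameter, out user))
            ctx.RequestContext.Principal = new GenericPrincipal(new GenericIdentity(user), new string[0]);
        else
            ctx.Response = ctx.Request.CreateResponse(HttpStatusCode.Unauthorized);
    }
}
```

A token of this kind cannot be revoked before it expires, so keep the lifetime short or also record issued tokens in the SQL Server database and check them there.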
All replies
User853399013 posted
Thank you so much. I will review this and provide feedback. I appreciate it!
Thursday, February 18, 2016 6:23 PM