Security precautions for service RRS feed

  • Question

  • User-284642143 posted

    I have a basic web service

    <%@ WebHandler Language="VB" Class="TestHandler" %>
    Imports System
    Imports System.Web
    Public Class TestHandler : Implements IHttpHandler
        Public Sub ProcessRequest(ByVal context As HttpContext) Implements IHttpHandler.ProcessRequest
            context.Response.ContentType = "text/plain"
            context.Response.Write("Hello World")
        End Sub
        Public ReadOnly Property IsReusable() As Boolean Implements IHttpHandler.IsReusable
                Return False
            End Get
        End Property
    End Class

    I have a third party who will send an XML request to this service which is hosted publicly and then i reply back with a 200 status (saving some details to a database). I assume at this stage i will use the HttpWebRequest to send the status back however with it being public any guides i could follow to ensure its fully protected and no security loop holes?

    Friday, January 19, 2018 10:49 AM

All replies

  • User475983607 posted

    You've posted an HttpHandler not a service.  HttpHandlers process certain types of requests.  It is not clear why you need HttpWebRequest to send a response as that's the handler's job.  Lastly, you have not told us how the site is secured.

    Perhaps Web API is a better choice.


    Friday, January 19, 2018 11:49 AM
  • User-284642143 posted

    Yea your correct, after i asked i started to change the project but probably have confused myself a little in the process :-)

    So an incoming request would reach a public URL i control, this URL would handle the request (i.e. process the incoming request and take appropriate actions on our database). Once completed i need to return a HTTP response. That would be the entire process.

    So i added an ashx file to my project and i could access it via a URL i.e. http://localhost/myfile.ashx which returns "Hello World", meaning the structure is setup correctly before i start writing code.

    Security wise, i am using forms auth.

    Before i go any further does this all sound ok? (So i may not need Web API)?

    Friday, January 19, 2018 12:12 PM