Security precautions for service

  • Question

  • User-284642143 posted

    I have a basic web service

    <%@ WebHandler Language="VB" Class="TestHandler" %>
    
    Imports System
    Imports System.Web
    
    Public Class TestHandler : Implements IHttpHandler
        
        Public Sub ProcessRequest(ByVal context As HttpContext) Implements IHttpHandler.ProcessRequest
            context.Response.ContentType = "text/plain"
            context.Response.Write("Hello World")
        End Sub
     
        Public ReadOnly Property IsReusable() As Boolean Implements IHttpHandler.IsReusable
            Get
                Return False
            End Get
        End Property
    
    End Class

    I have a third party who will send an XML request to this service, which is hosted publicly, and then I reply back with a 200 status (saving some details to a database). I assume at this stage I will use the HttpWebRequest to send the status back; however, with it being public, are there any guides I could follow to ensure it's fully protected and has no security loopholes?

    Friday, January 19, 2018 10:49 AM

All replies

  • User475983607 posted

    You've posted an HttpHandler, not a service. HttpHandlers process certain types of requests. It is not clear why you need HttpWebRequest to send a response, as that's the handler's job. Lastly, you have not told us how the site is secured.

    Perhaps Web API is a better choice.

    https://www.asp.net/web-api

    Friday, January 19, 2018 11:49 AM
  • User-284642143 posted

    Yeah, you're correct. After I asked, I started to change the project but have probably confused myself a little in the process :-)

    So an incoming request would reach a public URL I control, and this URL would handle the request (i.e. process the incoming request and take appropriate actions on our database). Once completed, I need to return an HTTP response. That would be the entire process.

    So I added an ashx file to my project and I could access it via a URL, i.e. http://localhost/myfile.ashx, which returns "Hello World", meaning the structure is set up correctly before I start writing code.

    Security-wise, I am using forms auth.

    Before I go any further, does this all sound OK? (So I may not need Web API?)

    Friday, January 19, 2018 12:12 PM
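
The flow discussed in this thread, as an added example that is not code from the thread or its participants: an `.ashx` handler that reads the third party's XML and returns the status itself through `context.Response`, with no `HttpWebRequest`. The handler name, the `/request/orderId` element, the `Main` connection string, the `Requests` table and the size limits are assumptions made for illustration.

```vbnet
<%@ WebHandler Language="VB" Class="IntakeHandler" %>
Imports System.Configuration
Imports System.Data.SqlClient
Imports System.Web
Imports System.Xml
' Constructed names: IntakeHandler, /request/orderId, connection string "Main", table Requests.
Public Class IntakeHandler : Implements IHttpHandler
    Private Const MaxBodyBytes As Integer = 64 * 1024 ' assumed payload cap

    Public Sub ProcessRequest(ByVal context As HttpContext) Implements IHttpHandler.ProcessRequest
        ' The handler writes the response itself; no HttpWebRequest is involved.
        context.Response.ContentType = "text/plain"
        context.Response.StatusCode = Handle(context.Request)
    End Sub

    ' Validates, parses and stores the request; returns the HTTP status to send.
    Private Function Handle(ByVal req As HttpRequest) As Integer
        If req.HttpMethod <> "POST" Then Return 405
        If req.ContentLength > MaxBodyBytes Then Return 413
        ' Refuse DTDs and never resolve external resources while parsing.
        Dim settings As New XmlReaderSettings()
        settings.DtdProcessing = DtdProcessing.Prohibit
        settings.XmlResolver = Nothing
        settings.MaxCharactersInDocument = MaxBodyBytes
        Dim doc As New XmlDocument()
        doc.XmlResolver = Nothing
        Try
            Using reader As XmlReader = XmlReader.Create(req.InputStream, settings)
                doc.Load(reader)
            End Using
        Catch ex As XmlException
            Return 400 ' malformed, oversized, or contains a DTD
        End Try
        Dim node As XmlNode = doc.SelectSingleNode("/request/orderId")
        If node Is Nothing OrElse node.InnerText.Length = 0 OrElse node.InnerText.Length > 50 Then Return 400
        ' Parameterised insert: the XML value is never concatenated into SQL.
        Dim cs As String = ConfigurationManager.ConnectionStrings("Main").ConnectionString
        Using cn As New SqlConnection(cs), cmd As New SqlCommand("INSERT INTO Requests (OrderId) VALUES (@id)", cn)
            cmd.Parameters.AddWithValue("@id", node.InnerText)
            cn.Open()
            cmd.ExecuteNonQuery()
        End Using
        Return 200
    End Function

    Public ReadOnly Property IsReusable() As Boolean Implements IHttpHandler.IsReusable
        Get
            Return False
        End Get
    End Property
End Class
```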