SAOP ASMAX Security Rquirements RRS feed

  • Question

  • Guys.

    I have created a SOAP Web Service that works great. 

    The web server is installed on a Windows Machine within a Secure Environment. 

    It authenticates and sends data to another Web Service on THE SAME machine. 

    Ihave stored the username and password in web.config. 

    The client comes with an additional requirement, they complain that the username and password in the web.config is stored as  text and they demand that those two values should be encrypted. 

    My first argument is that the system is already in the secure environment (no access to the outside world except for one port oppend for receiving the messages). Second - the WebService is NOT going out to the internet to communicate with the other WebService. It authenticates locally. 

    Do you think that requirement of  is reasonable? 

    Is this industry standard to encrypt the username and password stored inside web.config ?

    Any advise will be appreciated.

    Wednesday, July 4, 2018 7:40 AM

All replies

  • Hi friend,

    Welcome to the MSDN forum.

    Refer to your description, it seems your issue is about the SOAP Web Service application development. Since our forum is to discuss the .NET Framework installation issues, please redirect to this appropriate forum to seek for a better support, thank you for your understanding.

    Meanwhile, I found a similar discussion and hope it helpful for your decision.

    Best regards,


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact

    Thursday, July 5, 2018 5:50 AM