locked
Secure my WCF service from unauthorized call RRS feed

  • Question

  • Hi..

    I have an ASP.Net 4.0 website which also contains a WCF 4.0 service inside it. This is very vulnerable because the service is directly consumable by using the url, the same way we consume web service. I believe there must be some ways to restrict calls to the service with some kind of authenticated security or allowing only some specific clients. How can I do it? Any help will greatly be appreciated. Thanks


    :RSMANU:

    Wednesday, June 6, 2012 12:20 PM

Answers

  • without ssl - your'e not really secured!

    sure, you could try something like CUB. it will work for you but you must use certificate to get security.


    http://webservices20.blogspot.com/
    WCF Security, Interoperability And Performance Blog

    Thursday, June 7, 2012 10:05 AM

All replies

  • you should secure the site with ssl and basic username authentication. this is not specific to wcf but you can read about it in any areticel about securing web sites.

    Wcf can also do authentication in the message level which may or may not be better for you:

    http://msdn.microsoft.com/en-us/library/ff648840.aspx


    http://webservices20.blogspot.com/
    WCF Security, Interoperability And Performance Blog

    Wednesday, June 6, 2012 3:29 PM
  • Hi.

    Thanks for your time.

    Is there any other alternates than using SSL certificates? Its because I host my website with GoDaddy with no SSL feature. The website contains the SVC file also.. So my calls will be from the same website and not from any windows application or something.. Is there any way to do this securely?


    :RSMANU:

    Thursday, June 7, 2012 8:28 AM
  • without ssl - your'e not really secured!

    sure, you could try something like CUB. it will work for you but you must use certificate to get security.


    http://webservices20.blogspot.com/
    WCF Security, Interoperability And Performance Blog

    Thursday, June 7, 2012 10:05 AM
  • That concludes it... Thanks for your help..

    :RSMANU:

    Friday, June 8, 2012 9:13 AM