asmx security for third party consumers

Question

User1220439608 posted

hello all, asmx newbie here...

i've written a simple asmx that has a single method used to verify codes. it takes one or more codes, and returns result info pulled from db in xml.

this service will be consumed by third parties who need to verify the codes.  i am assuming that this service should have some level of security for, if nothing else, preventing it from being hammered by malicious requests.  correct?

if so, i need a way to secure the service.  i thought about asking for usr/pwd as method parameters, but realize this text would be in the clear if consumer was making service requests via javascript.

what method of security would  you suggest in this case?

Answer 1

User477186420 posted

You can pass username and password on asmx service when it will called and validate username and password (you can pass username and password into encrypted)

Or

You can validate domain from where request is came, if domain is not matched with data then it throw the error

let me know if any query

Answer 2

User1220439608 posted

thanks for your reply!

i'm interested in learning  little more about validating the domain.  how do i read this value from the asmx method?  can i validate against a custom database table of allowable domains?

thank you :)

Answer 3

User477186420 posted

Hi

Check below code it may help you

if (context.Request.UrlReferrer == null) 
 { 
      context.Response.Write("Invalid Request"); 
      return; 
 }

OR

if(Request.UrlReferrer.ToString().indexOf("http://www.tyamjoli.com")!=-1)
 {
 //Valid request 
 }

also check below link it may help you (I am not much sure about link) it will as per your need or not

http://www.codeproject.com/Articles/8116/WS-Security-Secure-Web-services-through-SOAP-Messa

let me know if any query