asmx security for third party consumers

  • Question

  • User1220439608 posted

    hello all, asmx newbie here...

    i've written a simple asmx that has a single method used to verify codes. it takes one or more codes, and returns result info pulled from db in xml.

    this service will be consumed by third parties who need to verify the codes.  i am assuming that this service should have some level of security for, if nothing else, preventing it from being hammered by malicious requests.  correct?

    if so, i need a way to secure the service.  i thought about asking for usr/pwd as method parameters, but realize this text would be in the clear if consumer was making service requests via javascript.

    what method of security would you suggest in this case?

    Wednesday, January 16, 2013 1:53 AM

All replies

  • User477186420 posted

    You can pass a username and password to the asmx service when it is called and validate the username and password (you can pass the username and password encrypted)

    Or

    You can validate the domain the request came from; if the domain does not match the data, then throw an error

    Let me know if you have any queries

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, January 16, 2013 2:36 AM
  • User1220439608 posted

    thanks for your reply!

    i'm interested in learning a little more about validating the domain.  how do i read this value from the asmx method?  can i validate against a custom database table of allowable domains?

    thank you :)

    Wednesday, January 16, 2013 9:22 AM
  • User477186420 posted

    Hi

    Check the code below; it may help you

    // Reject the request when no Referer header was sent
    if (context.Request.UrlReferrer == null)
    {
        context.Response.Write("Invalid Request");
        return;
    }

    OR

    // Accept the request when the Referer contains the expected site URL
    if (Request.UrlReferrer != null &&
        Request.UrlReferrer.ToString().IndexOf("http://www.tyamjoli.com") != -1)
    {
        // Valid request
    }

    Also check the link below; it may help you (I am not sure whether the link fits your needs or not)

    http://www.codeproject.com/Articles/8116/WS-Security-Secure-Web-services-through-SOAP-Messa

    Let me know if you have any queries


    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, January 17, 2013 1:15 AM
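
The Referer check from the reply above, shown beside an exact host comparison, as an added example that is not part of the original thread. The class name `ReferrerCheck`, the in-memory `AllowedHosts` set (standing in for the database table of allowable domains asked about in the follow-up) and the sample Referer values are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

static class ReferrerCheck
{
    // Assumption: stands in for the custom database table of allowable domains.
    static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "www.tyamjoli.com" };

    // The substring test from the reply: true whenever the text appears anywhere.
    public static bool SubstringCheck(string referrer)
    {
        return referrer != null && referrer.IndexOf("http://www.tyamjoli.com") != -1;
    }

    // Parse the header value and compare only the host component, exactly.
    public static bool HostCheck(string referrer)
    {
        Uri uri;
        if (!Uri.TryCreate(referrer, UriKind.Absolute, out uri)) return false;
        if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps) return false;
        return AllowedHosts.Contains(uri.Host);
    }

    static void Main()
    {
        // Constructed sample Referer values; null means the header was absent.
        string[] samples =
        {
            "http://www.tyamjoli.com/verify.html",
            "https://www.tyamjoli.com/verify.html",
            "http://www.tyamjoli.com.example.net/page",
            "http://example.net/?from=http://www.tyamjoli.com",
            null
        };
        foreach (string s in samples)
            Console.WriteLine("{0,-52} substring={1,-5} host={2}",
                s ?? "(no Referer)", SubstringCheck(s), HostCheck(s));
    }
}
```

Inside the asmx method, `HttpContext.Current.Request.UrlReferrer` already returns a parsed `Uri` (or null), so its `Host` can go straight into the same lookup. The Referer header is supplied by the client, so this check filters requests by claimed origin and does not authenticate the caller.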