Sending sensitive data using web service over https

Question
-
User2084211446 posted
I've a web service which is delivering sensitive data to the clients. I'm using it over https and it requires the users to send their userid and password (plain text) as parameters to get data. Assuming that both end points (sender's and receiver's) are secured, is it safe enough? If not, what else should I do to secure the process? I'm doing this for the first time. Any thoughts and suggestions are most welcome and much appreciated. I am using C# ASP.NET 4.0.
Thanks
Rose :)
Wednesday, April 2, 2014 11:26 AM
All replies
-
User422038134 posted
You can use SSL and Basic authentication with REST web services as well.
HTTP GET is usually used for data retrieval (queries) but you can use HTTP POST as well. GET is especially useful if you can use any type of HTTP caching. POST is useful if you need to transfer a lot of data to define your query or if your web service operation expects some complex data format instead of simple arguments.
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Wednesday, April 2, 2014 11:36 AM -
User1779161005 posted
How are the credentials stored? You need to prevent brute force attacks on the password.
Wednesday, April 2, 2014 11:40 AM -
User2084211446 posted
I am using ASP.NET membership's form authentication. So when my web service receives userid and password, it is validated using ASP.NET membership.
Thanks for your help and comments.
Rose
Wednesday, April 2, 2014 12:10 PM -
User1779161005 posted
I am using ASP.NET membership's form authentication. So when my web service receives userid and password, it is validated using ASP.NET membership.
Thanks for your help and comments.
Rose
Ok, so keep in mind that brute force attacks on the password are a real possibility.
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Wednesday, April 2, 2014 12:22 PM -
User-1949460947 posted
Hello Rose,
From which threat do you want to protect your application?
If you want to ensure that no one can read your sensitive data while it is transmitted, then SSL is a good solution.
If you want to ensure that no one can access your web service anonymously, then you need authentication. A custom authentication is good, anything that is standard, such as Basic, is even better.
If you want to ensure that no one can perform a Denial of Service attack by sending brute force requests, then you must prepare your authentication for that.
Hope this helps,
György
Thursday, April 3, 2014 10:14 PM
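
One way to prepare the credential check for the repeated password guessing raised in the replies above, as an added example that is not code from this thread: a per-user failed-attempt throttle placed in front of the password check. The class name `LoginThrottle`, its thresholds and the `validate` delegate are assumptions; in the asker's setup the delegate would be `Membership.ValidateUser`.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper (not from the thread): after maxFailures wrong passwords
// inside the window, the user id is refused for the lockout period.
public sealed class LoginThrottle
{
    private sealed class Entry { public int Failures; public DateTime WindowStart, LockedUntil; }

    private readonly Dictionary<string, Entry> _entries =
        new Dictionary<string, Entry>(StringComparer.OrdinalIgnoreCase);
    private readonly object _sync = new object();
    private readonly int _maxFailures;
    private readonly TimeSpan _window, _lockout;

    public LoginThrottle(int maxFailures, TimeSpan window, TimeSpan lockout)
    {
        _maxFailures = maxFailures; _window = window; _lockout = lockout;
    }

    // validate is the real password check (assumed: Membership.ValidateUser).
    public bool TryAuthenticate(string userId, string password,
                                Func<string, string, bool> validate, DateTime nowUtc)
    {
        if (string.IsNullOrEmpty(userId)) return false;
        lock (_sync)
        {
            Entry e;
            // While locked, refuse without running the password check at all.
            if (_entries.TryGetValue(userId, out e) && nowUtc < e.LockedUntil) return false;
        }

        bool ok = validate(userId, password);   // outside the lock so logins are not serialized

        lock (_sync)
        {
            if (ok) { _entries.Remove(userId); return true; }
            Entry e;
            if (!_entries.TryGetValue(userId, out e) || nowUtc - e.WindowStart > _window)
                _entries[userId] = e = new Entry { WindowStart = nowUtc };   // start a fresh window
            if (++e.Failures >= _maxFailures)
            {
                e.LockedUntil = nowUtc + _lockout;
                e.Failures = 0;
            }
            return false;
        }
    }
}
```

The dictionary keeps one entry per submitted user id, so a production version needs eviction or a size cap to keep it from growing under a flood of made-up ids. `SqlMembershipProvider` also has its own `maxInvalidPasswordAttempts` and `passwordAttemptWindow` settings, which cover the same ground when that provider is in use.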