none
How to Encrypt both ASMX Web Service request and response without using HTTPS & SSL RRS feed

  • Question

  • i have come across a msdn article https://msdn.microsoft.com/en-us/library/ms972410.aspx?f=255&MSPPError=-2147217396 which guide how to design a web service which send response in encrypted form without using HTTPS & SSL. we just need to add one attribute for return response in encrypted form. a sample code as follows

    public class CreditCardService {
    
      [WebMethod]
      [EncryptionExtension(Encrypt=EncryptMode.Response)]
      public string GetCreditCardNumber() {
        return "MC: 4111-1111-1111-1111";
      }
    }

    1) i like to know what dll i need to include as a result as a result i could use this attribute [EncryptionExtension(Encrypt=EncryptMode.Response)] for web method ?

    2) can i encrypt request and response both using this attribute EncryptionExtension ? i am not before dev environment so could not test it. so please some one share knowledge.

    3) my main concern is to encrypt my web service request and response without using SSL & HTTPS and also i do not like to write any routine which encrypt request and response xml of web service. i want some automated way which encrypt my web service request and response automatically. guide me. thanks

    Thursday, April 9, 2015 1:39 PM

Answers

  • Hi mou_kolkatta,
       As per your case, I have been shared the corresponding details below :

    1. Its not necessary to include any additional dll for use this attribute [EncryptionExtension(Encrypt=EncryptMode.Response)] for web method
      For more information, refer this link
      "https://msdn.microsoft.com/en-us/library/ms996945.aspx"  which is having Encrypting SOAP Messages Using Web Services Enhancements
    2. Sure, you'll need to create a dll and reference the dll in both the client and service.   The article assumes a certain level of programming experience.  So some implementations are left to the developer
    3. If you read the whole article, you'll see that you need to implement your own SOAP Extension that will provide the necessary encryption
      WCF implements message level security out-of-the-box.  ASMX requires coding.  You might be able to find libraries on the Interwebs to save yourself some work

    Source referred from the following link in another forum which was originally posted by you :

    http://forums.asp.net/t/2044604.aspx?How+to+Encrypt+both+web+service+request+and+response+without+using+HTTPS+SSL

    --
    with regards,
    Edwin

    Tuesday, April 14, 2015 6:35 AM
  • please redirect me to a article which guide me with full source code like how encrypting asmx request and response xml ? looking for code sample which i can download and run in my pc. thanks

    For encrypting asmx request and response xml, we can use the Encryption Algorithm like the symmetric or asymmetric keys and authentication, in this way the request and response will be encrpted.


    --
    with regards,
    Edwin


    Wednesday, April 15, 2015 8:05 AM

All replies

  • Hi mou_kolkatta,
       As per your case, I have been shared the corresponding details below :

    1. Its not necessary to include any additional dll for use this attribute [EncryptionExtension(Encrypt=EncryptMode.Response)] for web method
      For more information, refer this link
      "https://msdn.microsoft.com/en-us/library/ms996945.aspx"  which is having Encrypting SOAP Messages Using Web Services Enhancements
    2. Sure, you'll need to create a dll and reference the dll in both the client and service.   The article assumes a certain level of programming experience.  So some implementations are left to the developer
    3. If you read the whole article, you'll see that you need to implement your own SOAP Extension that will provide the necessary encryption
      WCF implements message level security out-of-the-box.  ASMX requires coding.  You might be able to find libraries on the Interwebs to save yourself some work

    Source referred from the following link in another forum which was originally posted by you :

    http://forums.asp.net/t/2044604.aspx?How+to+Encrypt+both+web+service+request+and+response+without+using+HTTPS+SSL

    --
    with regards,
    Edwin

    Tuesday, April 14, 2015 6:35 AM
  • can u redirect me to few good article for WCF implements message level security out-of-the-box. how many ways people can give security to wcf message instead of using ssl or https ?

    please redirect me to a article which guide me with full source code like how encrypting asmx request and response xml ? looking for code sample which i can download and run in my pc. thanks

    Tuesday, April 14, 2015 11:16 AM
  • please redirect me to a article which guide me with full source code like how encrypting asmx request and response xml ? looking for code sample which i can download and run in my pc. thanks

    For encrypting asmx request and response xml, we can use the Encryption Algorithm like the symmetric or asymmetric keys and authentication, in this way the request and response will be encrpted.


    --
    with regards,
    Edwin


    Wednesday, April 15, 2015 8:05 AM