Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Inherited an insecure website

Options
  • 21-03-2014 10:53am
    #1
    RangeR
    Registered Users Posts: 7,265 ✭✭✭


    Hi,

    I inherited an insecure website. It's written in C# .Net and hosted in DMZ. It used the LAN DB as it's data source [OMG]. I want to cut that cord and put in a WebService as a middleman data provider.

    Web user authentication is using the standard Microsoft Membership.

    How do I secure the webservice from unauthorised use? I'm not talking about SSL encryption. But how do I prevent the webservice use without valid authentication. So, if someone breaks into the web server box, they can't just run the web service directly from a browser of SoapUI or some such?


Comments

  • Options
    #2
    John_Mc
    Registered Users Posts: 2,791 ✭✭✭John_Mc


    RangeR wrote: »
    Hi,

    I inherited an insecure website. It's written in C# .Net and hosted in DMZ. It used the LAN DB as it's data source [OMG]. I want to cut that cord and put in a WebService as a middleman data provider.

    Web user authentication is using the standard Microsoft Membership.

    How do I secure the webservice from unauthorised use? I'm not talking about SSL encryption. But how do I prevent the webservice use without valid authentication. So, if someone breaks into the web server box, they can't just run the web service directly from a browser of SoapUI or some such?

    Authentication tokens are transmitted as part of the Header and verified before being processed.

    .Net provides this functionality out of the box so there's not much work in setting it up.

    Check this out


Advertisement