开发者

Setting up a secure Web Service

开发者 https://www.devze.com 2023-02-08 21:31 出处:网络
I need to set up a web service. Server is in DMZ, so I thought about putting web service in IIS (asmx) cos only port 80 is available to comunicate. But information it provides should be secured. What

I need to set up a web service. Server is in DMZ, so I thought about putting web service in IIS (asmx) cos only port 80 is available to comunicate. But information it provides should be secured. What choices do I have when it comes to what .NET / IIS can offer ?

Or maybe I should dispense with asxm web service and switch to something else. But once again, I only have port 80 avai开发者_如何学编程lable.

Thanks, Pawel


You should checkout WCF

When it comes to securing web services you have to main action paths:

  • go for communication over HTTPS and leave the web service messages in plain text (no problem since the data is over HTTPS and you can't see inside): transport level security;
  • go for communication over HTTP but secure the messages of the web service (WS-Security fits this role): message level security.

WS-* specifications are not an easy thing to digest (especialy WS-Security which relies on other specs like WS-Policy, WS-Addressing, XML Signature, XML Encryption etc). But since you say you only have port 80 available for communication I think you don't have a choice (don't even think of implementing your own security mechanism :D).

So, if you have to use WS-Security then go for WCF. You have a bunch of communication mechanism you can choose from and WCF takes a lot of the heavy lifting for you, abstracting away the "bare metal" of SOAP and WS-*.


Within IIS, if you wish to only allow a specific IP address to access the web service, do the following:

  1. Within IIS, right click on the file with asmx extension. Click “Switch to features view”
  2. Click the “IP Address and Domain Restrictions” icon.

    Setting up a secure Web Service

  3. Click “Edit Feature Settings”, Select Deny All, Add Allow Entry.

    Setting up a secure Web Service

  4. Type in the IP you want the service to access.

0

精彩评论

暂无评论...
验证码 换一张
取 消