There is this existing ASP.NET (2.0) web service that's called from PHP. Runs fine. Now the need arises to restrict access. Constraint: I currently don't have access to IIS/Windows account management to implement something robust.

I'm thinking about adding a SOAP header to the PHP call, containing a secret key, and then checking the contents of the header in the ASP.NET web service.

I'm fairly new to SOAP, so I might be way off though, any better ideas are appreciated!

+1  A: 

SOAP Headers would work. So would a client certificate. The question will be: what can PHP handle?

John Saunders
Thanks, that's a good question (I think PHP can handle both). I was just curious whether there was a glaring oversight on my behalf.
ArjanZuidhof
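
The SOAP-header check discussed in the question and the answer above, sketched for an ASP.NET 2.0 `.asmx` service. This is an added example, not code from the thread. `AuthHeader`, `OrderService`, `GetStatus`, the XML namespace and the `ServiceKey` appSettings entry are hypothetical names chosen for illustration.

```csharp
using System;
using System.Configuration;
using System.Text;
using System.Web.Services;
using System.Web.Services.Protocols;

// Hypothetical header type: ASP.NET deserializes <AuthHeader><Key>...</Key></AuthHeader> into it.
public class AuthHeader : SoapHeader
{
    public string Key;
}

[WebService(Namespace = "http://example.invalid/orders")] // assumed namespace
public class OrderService : WebService
{
    // Filled in by the runtime when the request carries the header; stays null otherwise.
    public AuthHeader Auth;

    [WebMethod]
    [SoapHeader("Auth")]
    public string GetStatus(int orderId)
    {
        RequireKey(); // reject before doing any work
        return "order " + orderId + ": ok"; // placeholder body
    }

    private void RequireKey()
    {
        // The shared secret lives in web.config <appSettings>, not in source.
        string expected = ConfigurationManager.AppSettings["ServiceKey"];
        string supplied = (Auth == null) ? null : Auth.Key;
        // Fail closed: an unset server key or a missing header is a rejection.
        if (String.IsNullOrEmpty(expected) || supplied == null
            || !FixedTimeEquals(supplied, expected))
            throw new SoapException("Unauthorized", SoapException.ClientFaultCode);
    }

    // Comparison whose running time does not depend on where the strings differ.
    private static bool FixedTimeEquals(string a, string b)
    {
        byte[] x = Encoding.UTF8.GetBytes(a);
        byte[] y = Encoding.UTF8.GetBytes(b);
        int diff = x.Length ^ y.Length;
        for (int i = 0; i < x.Length && i < y.Length; i++)
            diff |= x[i] ^ y[i];
        return diff == 0;
    }
}
```

The key travels in cleartext inside the SOAP envelope, so the check is only meaningful when the service is reached over HTTPS. On the PHP side, `SoapClient::__setSoapHeaders()` with a `SoapHeader` in the same namespace supplies the element.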
A: 

I recommend the book Mastering Web Services Security by Bret Hartman, Donald J. Flinn, Konstantin Beznosov, Shirley Kawamoto

SUMMARY: Authorization policies restrict access to many different collections of ... of Web Services security. For this scenario, we've chosen to use ASP.NET.

adatapost
Aren't policies part of WS-Security?
John Saunders