How to make web services secure in asp.net both the asmx and on WCF. Currently we have web services and now are in process of converting them to WCF in some modules in our application. Now as upgradation is in process we like to incorporate security on the web services as we intend to open some of them to all our clients via web (they contain both asmx and WCF as well). Tnanks in advance
+1
A:
It's not a quick and simple answer, I'd recommend reading through the following CodePlex links for WCF Security Guidance:
WCF Security & WCF Security Guidance.
The site provides step by step checklists for different scenarios, one of which you should be able to relate to your scenario. Different scenarios and security setups are provided for intranet/Internet scenarios with authentication mechanisms including: None, Basic, NTLM, Windows, Certificates, Username, Tokens. Autorization options include: Role based, Identity based and Resource based. (See chapter 5)
Tanner
2010-01-25 12:19:20