Hello,
The title says it all: I have a Web Service written in .NET that provides data for an iPhone application. It will also allow the application to make a "reservation."
Currently it's all internal to the corporate network, but obviously when the iPhone application is published I will need to ensure the Web Service is available externally.
How would I go about securing the Web Service?
There are two aspects I'm looking into:
- Authentication for accessing the web service
- Protection for the data being transferred
I'm not so bothered about the data being passed back and forth as it will be viewable in the application anyway (which will be free). The key issue for me is preventing users from accessing the Web Service and making reservations themselves.
At the moment I am considering encrypting any strings in the XML data passed back and forth so only the client can effectively use the web service, sidestepping the need for authentication and providing protection for the data. This is the only model I have seen, but I think the overheads on the iPhone and even for the web service make for a poor user experience.
Any solutions at all would be most welcome.
Thanks