tags:

views:

40

answers:

2
+1  Q: 

how to add simple security and measure performance of web service

hi,

So I'm making a app for a bank, but it doesnt manage very important data. I have two problems, it will run over a VERY large LAN network protected by all kinds of security(antivirus and firewalls) and the bandwidth in certain regions is as low as 56kbps.(Its a desktop app with a web server backend connected by web services)

From the security point of view all I want is to prevent someone from executing the web services from some other source or app results in change in the database . I'm thinking of each desktop app installed with a install code, this will be hashed and required as a parameter for every function call and will act as an authentication ticket? Is this good enough? Are they better SIMPLER means?

For performance, how do I measure or know if the web service will send and receive data at a decent rate?

Thanks

Gideon

A: 

I would prefer assigning usernames and passwords. Either way, the user can disclose their code to someone else. And either the user or a recipient can access the app using other programs (there's no way to prevent someone extracting an install code). But if you assign usernames, they are more likely to take personal responsibility for what happens using the authorization.

Matthew Flaschen  2010-07-08 14:09:10
Yes yes, there are Already usernames and passwords!! I'm so sorry I didnt mention this!!
giddy  2010-07-09 12:26:44
Wondering if that isn't secure enough...so I though of adding this install code thing... also each passwords hash is stored and sent over the service for authentication.
giddy  2010-07-09 12:37:33
@Gideon, as I said, embedding the install code doesn't prevent them from using other applications to access the service.
Matthew Flaschen  2010-07-09 13:04:44
A: 

Assuming you are on a windows domain. You could configure the server to use windows authentication and restrict the users which can access the web service.

For performance measuring - asp.net will show you a sample request and response if you hit the web service from a browser, you can work out the site of a message and use the bandwidth to calculate how long it should take. You could also call the web service and use the stopwatch class to measure the time it takes.

Chris Diver  2010-07-08 14:16:29

related questions

Displaying Version Information in a Web Service
Example Web Service
SoapException: Root element is missing occurs when .NET web service called from Flex
Best practice for webservices
What is your preferred method of sending complex data over a web service?
.Net - Returning DataTables in WCF
Is it possible to return objects from a WebService?
How much extra overhead is generated when sending a file over a web service as a byte array?
Returning Large Results Via a Webservice
File Uploads via Web Services
best way to persist data in .NET Web Service
What is the difference between an endpoint, a service, and a port when working with webservices?
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Where can I find some good WS-Security introductions and tutorials?
ASP.NET Web Service Results, Proxy Classes and Type Conversion
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
Document or RPC based web services
How to easily consume a web service from PHP
Timer-based event triggers
How to pass enumerated values to a web service
Homegrown consumption of web services
How do I print an HTML document from a web service?
How do I fill a DataSet or a DataTable from a LINQ query resultset ?