tags:

views:

43

answers:

1
Q: 

Securing asp.net web services to be consumed from flash

Hi, my team is building a game in flash to be embeded in a asp.net application.

When the game is over the player have the chance to type his name to save his score. This is done using web services called from flash. The webservice receives the name and score.

Since the webservice is publicly available how can I make it only callable from my flash given the following conditions:

  • The .swf is hosted by the same asp.net application
  • There are two domains that can access the same application (I have run previously into cross domain issues).
  • Using SSL is not an option.
  • The webservice has to be consumed by the .swf file.

Any help or code would be appreciated.

A: 

Well If you want to use ASP.NET webapplication instead of webservice , I have a solution which worked on my Project.

You can send variables from flash to you ASP.NET page using LoadVars' and 'sendAndLoad. then can get the values in .NET webpage using Request.Form. Now as you have all the variables from Flash to your .NET webpage , do what ever processing you need(Ado.NET or Sending a mail to user)

Here is a sample to get you started with though it is in ASP , can be easily used in ASP.NET.

But if your are trying to use webService connector in Flash m not sure about it and do not see why to use webservice while we can use webapp?

Crossdomain.xml (policy file) is really important here.

Subhen  2010-10-19 06:16:13
The whole game is in flash and to save the score in the DB a web service in my as.net app has to be called. Or is there any other way to securely send data to my asp.net app?
Carlos Muñoz  2010-10-19 16:25:28
@Carlos Muñoz, You don't need a webservice. Just in your .CS file(if you write with C#) load the Flash Variables and then save them to database
Subhen  2010-10-19 16:28:40
Sending parameters via POST to a webpage isn't remotely secure. The webservice suffers from the same weakness though.
Carlos Muñoz  2010-10-19 21:36:23
Agree and SSL is not an option. If you write encode and decode then it will add performance overhead .
Subhen  2010-10-20 03:45:36
Performance overhead is meaningless here, the important issue is to send data from flash to c# webservice and to make sure only flash can call it.
Carlos Muñoz  2010-10-25 16:09:20

related questions

Displaying Version Information in a Web Service
Example Web Service
SoapException: Root element is missing occurs when .NET web service called from Flex
Best practice for webservices
What is your preferred method of sending complex data over a web service?
.Net - Returning DataTables in WCF
Is it possible to return objects from a WebService?
How much extra overhead is generated when sending a file over a web service as a byte array?
Returning Large Results Via a Webservice
File Uploads via Web Services
best way to persist data in .NET Web Service
What is the difference between an endpoint, a service, and a port when working with webservices?
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Where can I find some good WS-Security introductions and tutorials?
ASP.NET Web Service Results, Proxy Classes and Type Conversion
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
Document or RPC based web services
How to easily consume a web service from PHP
Timer-based event triggers
How to pass enumerated values to a web service
Homegrown consumption of web services
How do I print an HTML document from a web service?
How do I fill a DataSet or a DataTable from a LINQ query resultset ?