.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

Web Services - Security questions

Posted By:      Posted Date: October 21, 2010    Points: 0   Category :.NET Framework

every one who is working on web services please let me know the answers to following questions I have about
web service security.

1. Which one is best authentication for web services (forms authentication or windows authentication)

2. Is it necessary to implement security for intranet web services?

3. If web service exposing multiple web methods, should we authenticate every time client calls a method
or any other way?

4. How to implement message level security?


View Complete Post

More Related Resource Links

Cloud Security: Crypto Services and Data Security in Windows Azure


Many early adopters cloud platforms have questions about security. We review some of the cryptography services and providers in Windows Azure along with some security implications for applications in the cloud.

Jonathan Wiggs

MSDN Magazine January 2010

WSE Security: Protect Your Web Services Through The Extensible Policy Framework In WSE 3.0


This article describes the WSE policy framework, which allows you to describe constraints and requirements a Web service must enforce. Discussions include security scenarios in WSE 3.0 and extending the framework with custom constraints and requirements.

Tomasz Janczuk

MSDN Magazine February 2006

Intrusion Prevention: Build Security Into Your Web Services with WSE 2.0 and ISA Server 2004


Once you've addressed security in your code, it's time to look at the environment it runs in. Firewalls stop unauthorized traffic from getting into your network, and smart Web service-specific firewalls, like the one that comes with Internet Security and Acceleration (ISA) Server 2004, bring XML intrusion prevention to your system for that added layer of safety.

Dino Esposito

MSDN Magazine November 2004

WS-Security: New Technologies Help You Make Your Web Services More Secure


Without good security, Web Services will never reach their potential. WS-Security and its associated technologies, the focus of this article, represent the future of security for Web Services. Provided here is an overview of these emerging security standards that explains what they do, how they work, and how they get along together. Topics discussed include integrity and confidentiality and how these are provided by public key cryptography, WS-Security, and more. Some of the key components of WS-Security, such as the wsu namespace, are also covered.

David Chappell

MSDN Magazine April 2003

Resource File: Web Services Security Specs and TrustBridge


WS-Security is a recently proposed specification from Microsoft, IBM, and VeriSign. It has been submitted to OASIS for industry standardization. WS-Security builds on the SOAP specification to provide you with a standard mechanism to exchange secure, signed messages in a Web Services environment.

MSDN Magazine October 2002

Security in IIS 6.0: Innovations in Internet Information Services Let You Tightly Guard Secure Data


Security improvements have been a top priority in the evolution of IIS. IIS 6.0, which will be part of Windows .NET Server, has improved security features and a new approach to server configuration. New security-related tools for IIS, including IIS LockDown, make securing your server against attack easier than ever. The author explains how and why you can shut down services with IIS LockDown. He discusses limiting port access with TCP/IP filtering, controlling how files are served with extension mapping, what's new for Secure Sockets Layer, the use of URLScan, and more.

Wayne Berry

MSDN Magazine September 2002

Redirect to Security Questions if Site accessed from unrecognized computer?


I'm fairly new to ASP.NET and i'm using the Membership Provider.  I have the need to do similar to some banking sites. Baically I need to track "authorized" computers/ip's for a user.  If the user accesses the site form a recognized Computer/IP then the user is allowed into the app after successful login.  If the computer/IP is not recognized I need to redirect them to a screen to answer the security question setup in fhte Membership Provider.

Has anyone done anything like this or can anyone point me to any examples?  I did a search, but can't seem to find anything.

My idea is to maintain a list of authorized computers/IP addresses and check them on initial login.  If the IP address isn't found I can redirect them to the questions.  My concern is that they are then actually authenticated and could enter any of the site URL's as an authenticated user.

Any suggestions greatly appreciated. 

web services interview questions.

Hi ,   I am preparing for ASP.NET web service interview.   Can you please send me the FAQ for web services.???   Thanks in advance.   Thanks Narendraan.K

Frequently Asked Questions about the ASP.NET Security Vulnerability

Two days ago I published an important blog post about a security vulnerability in ASP.NET .  In it I discussed a workaround that we recommend customers use to help prevent attackers from using the vulnerability against your applications. Below are answers to some common questions people have asked since then about the vulnerability. Is Microsoft going to release an update to fix the vulnerability? Yes.  We are working on an update to ASP.NET that we will release via Windows Update once it has been thoroughly tested and is ready for broad distribution. Until the update is available, we will also publish details on workarounds (like the one described in this post ) that can be applied immediately to help protect against the vulnerability...(read more)

Basic Security Questions



I'm new to ASP.NET, so please excuse my stupid questions^^

I have already done many tutorials but i don't understand how to work with that membership thing.

If I click on my project and select ASP.Net Configuration I can Setup Users, Roles and so on. But where do they get saved?

How does this ASP.Net Configuration behave after the page goes live, i don't want anybody who knows the adress of this "backend" to access it.

Many Questions, perhaps easy answers...

Maybe you have a good tutorial for me, beacause i didn't find one that explained the whole security subject to me.



Possible security issue with .NET framework and web services


We have a web service that runs fine on our Windows Server 2008 R2 test system.

However, it does not work on a production machine at a customer site.

It is installed using:

  • WISE installer 32 bit
  • .NET 2.0 Framework
  • Machine has UAC disabled

Some observations:

  • Communication between client and server seems to work fine
  • Can't write to c:\ProgramData
  • Can't connect to database using ODBC connector.
  • Can't log messages to the Windows Event Log (we get an exception that we don't have privileges)

This makes us suspect security settings on the machine. Enabling trace logs on the ODBC Manager shows no errors. The Windows Event Viewer doesn't indicate any problems.

Can anyone suggest what is wrong? Is there a tool we can use to discover the source of the problems.

Web Services & invalid security certificate

I am trying to use the Sharepoint List Web Service and VS 2008 to read data from an Access database, create an XML document/element from the information in that database, and then use the XML to update a SP List.  However, our Development server has an invalid security certificate (to save money).  It appears that I can connect successfully to the Web Service (because I can add the Web reference to the project) but I get a connection error when I actually try to update the list.  (This article describes what needs to be done to fix my problem http://support.microsoft.com/kb/915599 but getting a valid security cert just isn't in the cards for this environment.)  The procedure worked correctly on a SP server that was hosted outside our company with a different validation method, i.e. not Active Directory.  We are using SP MOSS 2007.  Thanks for any ideas you can give me. 

how to provice security to wcf services?



 I am created WCF Services and hosted in window services. Now my intention is to provide security to the services. How is it possible in window security mode? how is it possible to provide security for services for each individually?

Sharepoint 2010 security token services is not working.



I have sharepoint 2010 server , i m tryiing to search on sharepoint site but i am getting error "security token service is not avaible"

I have already applied wcf hotfix but stil getting exception when i open this service ,so is there any workaround to start this service or any workaround to search on sharepoint site(I am using sharepoint.office.search dll to search on sharepoint site)


Please reply as its really urgent


Thanks in advance!!


WCF: Establishing Trust Between WCF Web Services and SharePoint 2010 Security Token Service, Part 3

Enable federated HTTP binding for a web service and establish trust between the Windows Communication Foundation (WCF) web service and the SharePoint 2010 security token service.
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend