About Securing Web Services in .Net Framework
Web Services is the promising technology that allows enterprises to share and integrate applications across different platforms. Since anybody can consume web services from anywhere and from any platform, this makes it prone to security threats. By security threats, we mean that no unauthorized user should access, modify, or damage the information.
Web Services are mostly used in distributed environments and their data, code, and description are widely moved across different security domains. Suppose web services pass to another domain then it should carry the same security restrictions provided by the sender. Simple Object Access Protocol (SOAP) is the communication level protocol that has security extensions. These extensions have been defined by W3C XML Encryption Working Group. They have defined a standard, XML Encryption, which is extensively used to encrypt and decrypt the messages.
Though SOAP is the default protocol for web services, .Net Framework has in built options that allow you to expose or consume web services. The .Net Framework has three classes such as Uri, WebRequest, and WebResponse. The Uri class consists of the Uniform Resource Indicator (URI) through which you can call the required web services. The WebRequest class encapsulates a request to access web services from a network resource. The WebResponse class acts as a warehouse for all the incoming responses from the network resource.
the above security standards, W3C with the cooperation of IBM, Microsoft
and VeriSign has developed a common standard called WS-Security. WS-Security
is almost similar to the XML Encryption method. The only difference is
that WS-Security also allows the sender of web services to sign through
XML Digital Signature. Apart from XML Encryption and XML Digital Signature
methods, W3C is also planning to launch technologies like XML Key Management
Specification and Security Assertion Markup Language (SAML).
to our mailing list and receive new articles
: We never rent, trade, or sell my email lists to
Visit .NET Programming Tutorial Homepage