Security in .Net WS

[Nathan]

Hi:
I have a web service, which updates the database on the
server side, when an order has been made at the client
side (remote web site). Obviously, I can't send the
details as plain text. So, here are my questions:

1. Will making the web service on secure HTTP
connection help? For example, suppose I have
http://www.56712.com/ service.asmx. Just putting the web
service on SSL enabled server should work, right? The
client invokes the web methods using:
https://www.56712.com/ service.asmx instead of the above
URL. Will that solve?
2. If I do encryption/decryption of the data using
the Classes provided by .Net. I have to find equivalent
implementations of the encryption/decryption algorithm
for the clients (may be Java or ASP), which consume the
web services.
3. Are there any better methods of making the data
passed to web method secure? If so, please help me. I
want a solution which is truly language independent
(irrespective of what language the client is)

Any useful suggestions/solutions/comments are appreciated.

Thanks in advance.

Nathan

 

[Arthur Nesterovsky]

Hi,

1. Will making the web service on secure HTTP
connection help? For example, suppose I have
http://www.56712.com/ service.asmx. Just putting the web
service on SSL enabled server should work, right? The
client invokes the web methods using:
https://www.56712.com/ service.asmx instead of the above
URL. Will that solve?

Yes this is a good decision.

3. Are there any better methods of making the data
passed to web method secure? If so, please help me. I
want a solution which is truly language independent
(irrespective of what language the client is)

If the clients will be only .NET applications, in this case
you can use WSE for signing and encrypting your data.
______________________________
With best wishes, Arthur Nesterovsky
Please visit my home page:
http://www.nesterovsky-bros.com