About Securing Web Services in .Net Framework

Web Services is the promising technology that allows enterprises to share and integrate applications across different platforms. Since anybody can consume web services from anywhere and from any platform, this makes it prone to security threats. By security threats, we mean that no unauthorized user should access, modify, or damage the information.

Web Services are mostly used in distributed environments and their data, code, and description are widely moved across different security domains. Suppose web services pass to another domain then it should carry the same security restrictions provided by the sender. Simple Object Access Protocol (SOAP) is the communication level protocol that has security extensions. These extensions have been defined by W3C XML Encryption Working Group. They have defined a standard, XML Encryption, which is extensively used to encrypt and decrypt the messages.

Though SOAP is the default protocol for web services, .Net Framework has in built options that allow you to expose or consume web services. The .Net Framework has three classes such as Uri, WebRequest, and WebResponse. The Uri class consists of the Uniform Resource Indicator (URI) through which you can call the required web services. The WebRequest class encapsulates a request to access web services from a network resource. The WebResponse class acts as a warehouse for all the incoming responses from the network resource.

Apart from the above security standards, W3C with the cooperation of IBM, Microsoft and VeriSign has developed a common standard called WS-Security. WS-Security is almost similar to the XML Encryption method. The only difference is that WS-Security also allows the sender of web services to sign through XML Digital Signature. Apart from XML Encryption and XML Digital Signature methods, W3C is also planning to launch technologies like XML Key Management Specification and Security Assertion Markup Language (SAML).

“Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.”

| Privacy Policy for www.dotnet-guide.com | Disclosure | Contact |

Copyright - © 2004 - 2024 - All Rights Reserved.