Chapter 11: General Security


Overview

Security is, has always been, and always will be a huge and often nebulous topic. Whatever we do on our computers, whether it be writing documents, developing code, or just daily calendar-keeping, security is an issue. And when we throw the Internet into the mix, security becomes even more crucial.

As a Web service developer, you have a lot to keep in mind. In this chapter, we’ll consider how to make Web services as secure as possible and examine the two aspects of security that apply to Web services:

  • Authentication: Determining who a user is, usually via a username/password combination

  • Authorization: Determining whether a user has permission to perform a task

We’ll start with a brief overview of Microsoft Windows security because Windows is the operating system that our .NET Web services will interact with. Then we’ll look at how users can be authenticated by Web services—by using Windows security or by using a custom method. This will involve an examination of Microsoft Internet Information Services (IIS) authentication methods.

Next we’ll look at how authorization fits in and how to determine whether users (Windows users or otherwise) are allowed to do certain things. We’ll also look at what ASP.NET Web services are allowed to do by default and how to grant them greater privileges by running them in alternative accounts or by using account impersonation.

Whenever you pass user credentials and other sensitive information around the Web, you must consider ways to secure those communications. We’ll look at two ways: using SSL connections and using our own cryptography techniques.




Programming Microsoft® .NET XML Web Services (Pro-Developer)
ISBN: 0735619123
EAN: 2147483647
Year: 2005
Pages: 172
