Chapter 10
Building Secure Web Services
By nature, many Web services reside in the most hostile of environments—the Internet. For this reason, your Web services must employ appropriate security technologies. You can use an approach known as threat modeling to determine which parts of your application are most at risk and what tools and techniques you should employ to mitigate the threats.
In this chapter, I explain threat modeling in detail and how it applies to building secure Web services. I then discuss security technologies provided by Microsoft Internet Information Services (IIS) 5 and 6, and I also discuss important XML-based security technologies such as XML Signatures and XML Encryption and how the Microsoft .NET Framework supports them. Finally I look at common security mistakes people make when building Web services and how you can avoid making errors that lead to insecure Web services.