Securely Locking Down ASP.NET Web ServicesDuring this tutorial we will build 2 separate ASP.NET applications: One to implement the Web Service itself, and one to implement the consumer application which uses the Web Service. By having 2 applications we can effectively simulate the service/consumer pattern which would be found in a real world application, even though in our case both applications will be running on the same machine.
The demonstration Web Service will simply provide several test services which we can call from the consumer. The purpose behind these methods is not their functionality but rather to simply have something to execute. The focus of this tutorial is how to secure the service once it’s built.
We’ll then implement a consumer ASP.NET application and show how we can gain access to the Web Service even thought it’s been completely secured and locked down.
Note: Visual Studio .NET with ASP.NET 1.1 is required for this tutorial. Both VB.NET and C# code samples will be provided