Securely Locking Down ASP.NET Web Services
by Kevin Koch

Securely Locking Down ASP.NET Web Services

During this tutorial we will build 2 separate ASP.NET applications: One to implement the Web Service itself, and one to implement the consumer application which uses the Web Service. By having 2 applications we can effectively simulate the service/consumer pattern which would be found in a real world application, even though in our case both applications will be running on the same machine.

The demonstration Web Service will simply provide several test services which we can call from the consumer. The purpose behind these methods is not their functionality but rather to simply have something to execute. The focus of this tutorial is how to secure the service once it’s built.

We’ll then implement a consumer ASP.NET application and show how we can gain access to the Web Service even thought it’s been completely secured and locked down.

Note: Visual Studio .NET with ASP.NET 1.1 is required for this tutorial. Both VB.NET and C# code samples will be provided

- OR -

Kevin Koch

Kevin KochKevin Koch is a senior software engineer with over 8 years experience designing and architecting primarily web based applications. Fresh out of college during the nineties he co-founded Task Solutions and developed several projects with the then popular classic ASP.

During the Dot Com boom Kevin left his position as president and joined a new venture to build an enterprise insurance claim system build upon J2EE technology. After the Dot Com crash Kevin schooled himself to become an expert with .NET technology and is currently freelancing his ASP.NET skills to build enterprise n-tier frameworks using advanced OO methodologies.

See All Postings From Kevin Koch >>

Place your review about Securely Locking Down ASP.NET Web Services

You must me logged in to write a review
Great article but....
September 19, 2007 by simon dixon

My webservice is accessed through javascript, how can I lock it down? I only want requests from my domain, say not to be allowed to access the service.



Across Different Application Platforms?
June 18, 2007 by rob brooks

Is there a way to utilize this method across .Net and Flash?