C# - Security On A WCF Public Web Service
Nov 19, 2010
I'm building a complex, public web service in WCF that send email to a specific address, similar to a contact form but with some features.With jQuery I get the data from the textbox and with Ajax and json I send to the web service the strings to proceed at the send.
Now, is there a good way to make it secure?
I mean.. the service is public so someone can have access to it and starting to spam on this address. Can I restrict the users to use the web service only from the correct web site?
View 2 Replies
Similar Messages:
May 14, 2010
By default web service is enable for windows authentication. But if we want to expose our service to public domain, then I guess we have to use some specific credential for web service authentication. Can anyone tell me how to set those credential at service side and validate it for client and how the client will send those credentials?
View 1 Replies
Sep 17, 2010
I have an web application that encrypts data using a public and sent it to another web application. Which will then decrypt the data using a the user private key. My question is, since but the Private and Public key are generated in the first application. how does the other application get the private?
View 2 Replies
Mar 18, 2010
Due to a bug in Flash, I have to use the ASPXAuth cookie to log a user in on a page that a flash upload script calls after upload. See this page for more information: [URL]
I have to make the ASPXAUTH string "public" in the sense that it will be in the HTML of the page. My question is, how secure is this?
I understand that anyone that can get to the string in the HTML can probably get to it from the cookie just as easily, but let's say someone does have this ASPXAUTH string. Is it possible that they can login as another user using this cookie? Would they be able to decrypt it?
View 1 Replies
Mar 10, 2010
I have developed An Inventory Management System in ASP.Net . The application is hosted now ... From manager to data entry operator every1 z having seperate login , roles and limitation to access website ... From Our office every1 is accessing the application and working on it. My question is even they can access the apllication from public PC (Browseing Center) ?? coz they knew the password. Am i rite. Now, I need to restrict my application access in public PC (Browseing Center)? Can i limit accessing of my website application only in office not in public PC (Browseing Center)? can i allow certain IP to access my website application?
View 11 Replies
Apr 21, 2010
I have a folder called <mysite>/Pages. This folder is PUBLICIn this folder I have a aspx page called : MySecure.aspx I have on the default.aspx page a hyperlink to the "~/Pages/MySecure.aspx page".I want to limit access to the MySecure page to only those in a Admin role (so no members no guests or www users can see it. I dont want to move MySecure.aspx into a secure folder.This is what I did in the wedconfig
<location path="Pages/MySecure.aspx">
<system.web>
<authorization>
[code]...
View 5 Replies
Feb 10, 2011
I can access a module from code behind but not from the aspx page in inline VB code <% ... %>.
I know its got to be something simple but I can't seem to find the answer anywhere.
View 1 Replies
Feb 10, 2010
My site is 100% private (only public facing page is login) I've had the need to open up a page to anon via the <location> node in the web config...and that all seems to work However the issue now appears to be that dynamic resources such as the Telerik.Web.UI.WebResource.axd and imagesjavascript changed via handlers dont load. A firebug of the situation shows that for those dynamic elements, it's trying to re-direct to login to get them Is there anyway around this?
View 3 Replies
Jan 9, 2010
access the page on public section of the website from the admin section,while logged in?Or i am causing a security hole,jumping like this?all admin section pages have role based authorization and can not be accessed unless authenticated.Public of course is accessible to anyone.
View 6 Replies
Aug 26, 2010
How do declare a public variable .aspx web page that can be used in all the pages within my web application? And/or create a Public Sub?
View 3 Replies
Apr 24, 2010
I am working with RSA Algorithm recently.
I want to use RSACryptoProvider for this purpose.
But i want to use my custom Key instead of default key
for example my public Key =(187, 7)
and my private key=(187,23)
how can i pass my public and private key at RSACryptoProvider
View 2 Replies
Jun 16, 2010
I am interested in finding out how I would go about displaying a website wiithout forms authentication but to utilise forms authentication when the user makes a request by clicking in the signin button, and then the user will view other pages that are private and secure,
View 2 Replies
Jan 23, 2010
I am writing two ASP.NET apps. One is a web service that provides xml data and the other is a web client that will use the service to display and manipulate data. I would like for the web service to do the membership authentication and authorization. Is there any way to simply point the login controls in my client application to the web service instead of to a database. I assume I would have to provide the necesarry methods in my web service interface, which would then use the membership provider database I created and pass the results back through to the client.
Is this possible? I have seen many articles on security provisioin from a web service but none has really been what I am looking for. I was hoping that, since my service and my client are both written in ASP.NET, there might be some built functionality that would benefit me.
View 8 Replies
Jan 27, 2011
I have a question about C Sharp ASP.NET:Is there a difference (in code speed, resources) between:public static variable declared in public static class MyGlobals in a 'Code File' template;and the variable declared in a normal 'Class File' template;I use this variable in 2 different Class Files and also in _Default Page codebehind cs file.In fact in my case I need about 20 global variables of type List<string>.
View 9 Replies
Dec 15, 2010
I have to invoke SSIS packages from web service in the most secure way. I think that windows authentication will be secure but i am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.
View 1 Replies
Nov 19, 2010
I have some problem about keeping "Generated Public and Private Asymmetric Keys" in web.config.
At first, I generate key from external application, the result keys are in the xml files named "PublicKey.xml" and "PrivateKey.xml".
Key example,
<RSAKeyValue><Modulus>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</Modulus><Exponent>AQAB</Exponent><P>3lJSXraj/fffffffffffffffff</P><Q>th/FSSSSSSSSSSSSSSSSSSSSS</Q><DP>FFFFFFFFFFFF</DP><DQ>A0SfrELG91Fz8/LmcqwlZRu7a7ZVldC1fAtsK+6M6aQ3d4dBp5coDP6wz5ah2dFrbinpVZjSjLmLXYSmTK2aYQ==</DQ>
[code]....
I want to keep above generated key in the web.config for using the other thing.
How can I keep "Generated Public and Private Asymmetric Keys" in web.config?
View 1 Replies
Jan 21, 2010
I've set up a system with forms based authentication and using the asp:Login control. When I put in an invalid password I get the approriate invalid password message. However when I put in a valid password, it does nothing...just returns to the login page again. I'm triple checked the login info. There is no error message, and the invalid attempts counter doesn't increment. When I put a break point in the Login_LoggedIn event of the Login form, it hits it, but User.Identity.IsAuthenticated is false. I'm not 100% sure it should be true at this point, as I'm pretty new to .NET but it seems kind of odd.
My user database is stored in a sqlserver 2005 db that already existed. I've added a new connection for it.In the authorization I have
<authorization>deny
users="?"/><authorization>
View 2 Replies
Sep 27, 2011
I am learning web service from [URL]
I created a new project and copied code from above link as below, it works.
But once change webmethod to use SQL table, I got "Can not load WSDL" error.
Code:
Imports System
Imports System.Web.Services
Public Class TempConvert :Inherits WebService
[CODE]...
View 8 Replies
Nov 24, 2010
I'm having VS 2008 and OS vista. When I try to create a web service in IIS it gives me a error tht I shud run the VS 2008 as admin then create a web service. When I run as admintrator and create the web service then no problem. Is it possible to create the web service without running as administrator?
View 6 Replies
Jan 5, 2010
I'm getting this exception randomly in one webservice, it used to happen in the first call only, and in the second calls and so on it works fine ... and after a while without use the webservice it happens again. It seems to be that when the AppDomain is not loaded, the first time fails... and subsequent calls are ok; when IIS shutdown the AppDomain... the next call will fail again.
[code]....
View 4 Replies
Jul 2, 2010
I have added a service from a Win2003 server to my Visual Studio project on WinXP machine. Create an oject for this service went OK. But when I tried to run a method in the service I get "401 web exception while accessing a service.".
How to proceed?
View 1 Replies
Apr 12, 2010
have been facing a problem in passing credentials to a web service. I have searched a lot on it and found solution but they didn't work for me coz the scenario with me little different I believe.The situation is like this. I have a 3rd party web service "https://3rdpartyserver/virtualdirectroy/service/service.aspx".So when I try to browse the service in IE it takes me to the login page ("https://3rdpartyserver/virtualdirectroy/Loginpage.aspx"), when I enter usename and password in it and hit Log In button it takes me to the service where all the web methods are listed
View 3 Replies
Feb 24, 2010
I have never write code like this... so I am trying to explian what problem I meet here..
assuming I have 2 web service
one named WS1 another named WS2
WS1 (send data to WS2) → WS2 then WS2 (receive data from WS1 and do something then return result to WS1)→WS1
if I want to add digital signature between WS1 and WS2 so that WS1 connecting to WS2 , WS2 will recognize who is connecting by digital signature
what do I need if I want to do that? and how to do?
View 2 Replies
Jun 17, 2010
I have a rather strange situation that I am in.
I have to write a web-service that will (among other things) communicate with another web service. When we communicate with that remote web-service we are required to use a certificate that they provided.
I am having a really hard time trying to find any sample code that does this.
I have found code for installing certs when you want to use a browser to communicate, but none when you are using a web-service to web-service and you are required to HAVE the certificate, not requiring the OTHER end to have the certificate.
So far I cannot even find code to allow me to parse throught the cert store. Samples I found online show up as errors in Visual Studio 2005.
Note: This is running one Windows 2000, designed with Visual Studio 2005, asp.net 2.0
View 1 Replies
Aug 11, 2010
I have created a WCF service that will serve as authentication service for Silverlight client.The problem is that when I make a call to FormsAuthentication.SetAuthCookie in the Login method below, I get a null reference exception. I am following the 'Securing Applications Built on Silverlight and WCF' (http://www.componentart.com/community/blogs/milos/archive/2009/05/07/securing-applications-built-on-silverlight-and-wcf.aspx)
[Code]....
View 1 Replies
