Security for Web Services

Because they are applications layered on top of ASP.NET, Web services offer you many opportunities for configuring and implementing security. You can choose to secure things at the level of IIS itself, or in the ASP.NET layer, or in the application itself. Depending on the choices you make, nearly any type of security can be applied to a Web service.

In this section of the chapter, I'll first trace through the layers involved in a Web service, showing you where and how you can apply security. Then I'll give you some general advice on securing Web services. Finally, you'll learn a little about the new WS-Security specification, which will bring additional security tools to Web services.

Platform and Application Security ...

Get MCAD/MCSD Training Guide (70-320): Developing XML Web Services and Server Components with Visual C#™ .NET and the Microsoft .NET Framework now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.