ASP.NET Web Service and Authentication Lockdown for Certain Applications?

If the service is hosted in IIS 7+ it is rather trivial to add IP restriction support without the need to change any code. You can use 'Address and Domain Restrictions' module to restrict inbound connections to the service at the site or virtual directory level.

Up vote 0 down vote favorite share g+ share fb share tw.

I have a registration service (.NET, preferably REST based) that is shared between three applications. Two . NET applications and one Java.

They both will register users through this registration service. The registration API lives on it's own server. My question is what is the best/correct way to authenticate the registration request going to the registration service if a user isn't logged in?

Does a secret key need to be involved? Should a username/password be shared between all applications using the registration service? Should I block IP's that don't come from the three application services?

.net web-services authentication link|improve this question asked Feb 3 at 20:42Mike Flynn1,0851520 84% accept rate.

If the service is hosted in IIS 7+ it is rather trivial to add IP restriction support without the need to change any code. You can use 'Address and Domain Restrictions' module to restrict inbound connections to the service at the site or virtual directory level. technet.microsoft.com/en-us/library/cc73... Otherwise if you want to go beyond plain IP restrictions, you will most likely need to change code and leverage some sort of authentication store to accomplish this.

I think that it is difficult to assess what is best/correct given the limited information provided. For example, if the service in question is a WCF service, you may be able to leverage Windows and/or NTLM authentication with no code changes if the callers are . NET clients by merely editing the WCF server and client binding configurations.

The correct approach would take into consideration the exposure risk of leaving the registration service unprotected and couple it with the effort involved in securing it. There is no one size fits all approach to this kind of question.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.

Related Questions