How can I secure an webservice so my clients can use it on their applications without having to fear that their api keys will be used in other applications?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
How can I secure an webservice so my clients can use it on their applications without having to fear that their api keys will be used in other applications?
Assuming that:
your services
your client, so they will host the
webservices.
Take a look at the WCF Security Guidance from P&P group: http://wcfsecurity.codeplex.com/
It helped us a lot in defining our security strategy, based on our requirements.
In summary you need to understand how your webservices will be used, what your users will be authenticated and authorized, and based on this, implement the required configuration/code changes.
I hope this helps.
Wagner.