Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I used to deal with web services and we secured it using the credential header with soap. The calling application would need to pass a username and password in the credential header. We are now looking at using a WCF restful based webservice and want to secure it. Wondering what the best way to secure it is?
I was thinking that I could stuff a username and password in the POST variables (this thats what they are called). But is this the proper way to secure a restful web service?
This link describes how to use WCF with WS-Security.
This link describes what WS-Security is.
This link describes the architecture of the WCF security component.
Not sure if you can combine those with REST but know that HTTP has an authentication mechanisms of it’s own (See Basic authentication and Digset authentication and this overview about both).
The RESTful way to do it imo would be using the HTTP authentication.
I think you have some research to be done 🙂