Technology: C#.NET, REST Full Webservices, ASMX WebServices.
We are porting existing ASMX Webservices to REST Full services. This is done to cut off the overheads SOAP wrapping has been producing and most of the clients having bandwidth crunch. This helped us to reduce some overhead and earn few performance (not a major while fetching huge Data from Server).
Because REST is pure HTTP calls ( We are doing serializing / deserializing for sending parameter values and collecting return types), is the Security parameters and implementation For Rest Services different from what is done with ASMX WebServices?
For REST implementation, we have created a HTTP Handler and passing the WebMethod name from URL (But the params are passed as Stream).
Any Suggestions on this will be very helpful..
thanks
REST doesn’t specify the data format or how serialization is done. It just indicates that you are using HTTP in the way HTTP was constructed and described in the RFC specification.
The security issues all depends on your own implementation.
A checklist for you:
Go through that and you’ll have a secure service.