we have a public asmx service that is accessed by our clients through SOAP. Until now, only security is that no one other than our clients know about our webservice :). i want to implement some sort of security mechanism on this service. I have gone through this article. it seems to me quite good. Is there any better alternative for securing the asmx services? and is passing login credentials with SOAP headers a good idea (this is what is written in the article) ? Any suggestions, advices?
we have a public asmx service that is accessed by our clients through SOAP
Share
I think this article is a better solution:
http://www.codeguru.com/csharp/csharp/cs_webservices/security/article.php/c19403/Web-Services-Security-in-The-NET-Framework.htm
It uses the standard WSS ( http://en.wikipedia.org/wiki/WS-Security )