Hi,

I have created a REST service method, which is pulling some personal information to the client, but I want this service to be secure so that it cannot be spammed at all. As a REST service method can be accessed through its URI directly, please suggest how I can stop unknown clients from using it.

I need to implement it ASAP; looking forward to your earliest reply.

Thanks,
Pankaj Bahuguna

1 solution

It depends on many things. If your audience is limited (there is a known list of authorised clients, you can limit them somehow), I would:

1) Use TLS (SSL) on the wire = https
2) Use client-side certificates for authorization
3) Build firewall rules to enforce connections at the network layer

These are mostly administration issues, so they may have no impact on the code at all.
Comments
myself.panku 15-Jan-15 9:15am    
Thanks for your time.

I am interested in the case where we have some sort of credential within the request header to validate (custom validation) the user.

Looking forward to your reply.

Thanks.
geo_m 15-Jan-15 9:25am    
That would need deeper knowledge of the situation. As you probably need only authentication, while using TLS, you may just use basic authentication (due to the .net4 tag, I am assuming you're using IIS). Or, if the situation allows, you might consider using NTLM (Windows Authentication). Both of them will be handled by IIS for you automatically.
Also, for advanced stuff you may look at http://msdn.microsoft.com/en-us/library/ff359110.aspx (but I personally never did anything with that, as it is not suitable for our needs :( )

Some other stuff would probably need code changes.
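
The administrative measures suggested in the answer and comments above, sketched as a web.config fragment for the service's IIS application. This is an added example, not part of the original thread. It assumes IIS 7 or later with the Basic Authentication and IP and Domain Restrictions role services installed and these sections unlocked for the site (otherwise the same elements go in a `<location>` block in applicationHost.config); the IP addresses are constructed placeholders from documentation ranges.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: hardened settings for a REST endpoint hosted in IIS.
     Weak default for comparison: sslFlags="None" with anonymous
     authentication enabled, so anyone who knows the URI can call the
     service over plain http. -->
<configuration>
  <system.webServer>
    <security>
      <!-- 1) TLS only, and 2) the client must present a certificate.
           SslRequireCert accepts any certificate that chains to a root
           trusted by the server; it does not pick out individual clients. -->
      <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />

      <!-- Basic authentication handled by IIS, as in geo_m's comment.
           The credentials travel in the Authorization request header, so
           this is only acceptable together with the TLS requirement above. -->
      <authentication>
        <anonymousAuthentication enabled="false" />
        <basicAuthentication enabled="true" />
        <windowsAuthentication enabled="false" />
      </authentication>

      <!-- 3) Allowlist of known client addresses (placeholders).
           This is enforced by IIS itself and complements, rather than
           replaces, firewall rules at the network layer. -->
      <ipSecurity allowUnlisted="false">
        <add ipAddress="203.0.113.10" allowed="true" />
        <add ipAddress="198.51.100.0" subnetMask="255.255.255.0" allowed="true" />
      </ipSecurity>
    </security>
  </system.webServer>
</configuration>
```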

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)