I created an Android app which uses Web Services (I use VB.NET for developing it). These web services reside on my server (I use IIS). If I open the HTTP path associated with these WS, I can use it freely. But this way, any other user can use my WS. How can I make it secure?
http://msdn.microsoft.com/en-us/library/ff648643.aspx - Building Secure .Net Web Services – Scott Selby Nov 20 '12 at 15:45
2 Answers
0
I would start with a client-authentication certificate. That way, if you don't have the certificate, you don't get in. And use HTTPS, not HTTP.

Chris Thornton
0
The basic way I can think of is setting a "password" or a string from your app, salted and encrypted, in case someone tries to decrypt it directly from the app, and doing a check on the web service, and running the service only if the password matches.
Anyway, if the information you use is sensitive and you want to make it really safe, maybe you will want to consider using HTTPS/SSL to avoid sniffing.

aleation
My first problem is making the WS not accessible to just anyone. I used a field in the input parameter sent to the WS that identifies a user. However, an ill-intentioned person can send repeated requests, trying some password. – GVillani82 Nov 20 '12 at 15:56
The only way I can recall to prevent access to your WS would be using IP restrictions, which is not viable at all for apps, or even MAC restriction (saved maybe when you install or register the app), but again, a MAC address can be faked, though it would cut down the circle a bit. So if nobody comes up with a better idea, you will have to work something out to counter brute-force attacks, maybe a counter of requests/minute from a user, and block it temporarily if the request number is insane. I know my suggestions are a bit basic, just trying to help out a bit and see if they make you come up with something. – aleation Nov 20 '12 at 16:12
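
The per-user request counter with a temporary block suggested in the last comment, as an added example that is not part of the original thread. The class and function names, the default limits and the 429/401/200 return codes are assumptions, and the logic is written in Python so it can be ported to the VB.NET service.

```python
import hmac
import time
from collections import defaultdict, deque


class RequestThrottle:
    """Counts requests per user ID in a sliding window and blocks temporarily."""

    def __init__(self, max_requests=30, window=60, block=300, clock=time.monotonic):
        self.max_requests = max_requests   # assumed limit per window
        self.window = window               # window length in seconds
        self.block = block                 # block duration in seconds
        self._clock = clock                # injectable so the logic can be tested
        self._hits = defaultdict(deque)    # user_id -> timestamps of recent requests
        self._blocked_until = {}           # user_id -> time at which the block ends

    def allow(self, user_id):
        now = self._clock()
        # A blocked user is rejected without touching the counter.
        if self._blocked_until.get(user_id, 0) > now:
            return False
        hits = self._hits[user_id]
        # Drop timestamps that have fallen out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        hits.append(now)
        if len(hits) > self.max_requests:
            self._blocked_until[user_id] = now + self.block
            hits.clear()
            return False
        return True


def handle_request(throttle, user_id, supplied_password, expected_password):
    """Return 429 when throttled, 401 on a wrong password, 200 otherwise."""
    # The throttle runs before the password check, so guesses made
    # during a block are never evaluated.
    if not throttle.allow(user_id):
        return 429
    # compare_digest takes the same time wherever the strings differ.
    if not hmac.compare_digest(supplied_password.encode(), expected_password.encode()):
        return 401
    return 200
```

Keying the counter on the user ID alone means anyone who knows an ID can get that user blocked; keying on the user ID together with the client address narrows that.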