0

I have a website that communicate with the webservice(the website doesn't have Database all communication via Webservice).

so you can access this webservice, you need a AES key to encrypt some fields and the webservice verify this encryption.

the AES key used in the website I put it in web.config for test,but I don't think this is a good approach for production.

so my question is where to store the AES key for the website.

iaskari
  • 24
  • 1
  • 4
  • So you want to "secure" a web service that is publicly accessible. Who do you want to want to protect it from? Are there some privileged users and some unprivileged users? Or do you have an app that should be the sole accessor of that webservice? Please [edit] your question to describe your situation more. – Artjom B. Oct 16 '16 at 08:59
  • my question is where to store the AES key for the website,because now I store it in web.config and I dont thing is a good Idea for production. – iaskari Oct 16 '16 at 09:13
  • We can't tell if it is a good idea or not, because your situation is not entirely clear. – Artjom B. Oct 16 '16 at 14:35

0 Answers0