secure webservice
in [Advanced Techniques]
|
From: Nick201 on 9 Apr 2008 14:00 How to secure webservice. I try using coldfusion administrator . I mean when i register webservice i put userid and password. But it doesn't work. Is there any other way to secure it
From: "JR "Bob" Dobbs" on 9 Apr 2008 16:35 The user and password in the CFIDE administrator are used for accessing web services which require basic authentication. To secure web services you are publishing you should rely on the authentication mechanisms (such as basic authentication or Windows authentication) supported by your web server (IIS or Apache). See your web servers documentation or Chapter 48 of the ColdFusion Developer?s Guide under and the topic "Securing your web services". Note that basic authentication is the most commonly supported type and can be used by Windows and *nix systems. http://livedocs.adobe.com/coldfusion/8/cf8_devguide.pdf
From: Nick201 on 11 Apr 2008 14:41 But if some one calling my webservice then how can i pass userid and password. Because they are not using coldfusion. Let say they are using .Net how they can pass userid and password, which i am passing in cfinvoke.
From: "JR "Bob" Dobbs" on 11 Apr 2008 17:38 Basic authentication is platform agnostic. A .NET program could authenticate by using a NetworkCredential object to create an HTTP request that has the authentication information. NetworkCredential class (.NET) http://msdn2.microsoft.com/en-us/library/system.net.networkcredential.aspx Example of consuming web services in .NET, includes basic authentication using NetworkCredential object http://authors.aspalliance.com/QuickStart/aspplus/default.aspx?url=/quickstart/a spplus/doc/secureservices.aspx Overview of basic authentication http://en.wikipedia.org/wiki/Basic_authentication
From: prasanth25 on 12 Apr 2008 03:26
Hi, As of now, we do not have native methods to secure Webservices. One think you can do is to pass the userid and password as parameters and then validate that in each of the functions inside the CFC. -Prasanth |