ASP.NET webservice API security.

Posted by Tejaswi Yerukalapudi on Stack Overflow See other posts from Stack Overflow or by Tejaswi Yerukalapudi
Published on 2010-05-17T01:59:31Z Indexed on 2010/05/17 3:30 UTC
Read the original article Hit count: 329

Filed under:

ASP.NET

|

webservice

|

security

|

iphone

Hi,

I have an iPhone app accessing an ASP.NET Webservice for data. Since I'm building both the ASP.NET end and the iPhone part of the app, and we'll shortly be publishing it in the Appstore, I'd like to know what security checks I need to make.

The basic flow of the program (without divulging too much info about it) is as follows -

. Login (Enter Username, pass on the app)
. Primary screen where the data is loaded from a webservice and presented
. And post data back after a few updates by the user

I'm using POST to send the data to the Webservice via HTTPS. I'm sanitizing the inputs, checking for length of the inputs, but that's the limit of my knowledge as far as security goes. Any other tips are greatly appreciated!

Edit: I should probably add that our service needs to be subscribed to separately and the iPhone component of it cannot be used alone. So the average user will not have login credentials. And the app itself has healthcare data in it, so I'd rather not have anyone trying attacks from my login page.

Thanks,
Teja.

© Stack Overflow or respective owner

Related posts about ASP.NET

Migrating ASP.NET MVC 1.0 applications to ASP.NET MVC 2 RTM

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Note: ASP.NET MVC 2 RTM isn’t yet released! But this tool will help you get your ASP.NET MVC 1.0 applications ready for when it is! I have updated the MVC App Converter to convert projects from ASP.NET MVC 1.0 to ASP.NET MVC 2 RTM. This should be last the last major change to the MVC App Converter… >>> More
April 14th Links: ASP.NET, ASP.NET MVC, ASP.NET Web API and Visual Studio

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Here is the latest in my link-listing blog series: ASP.NET Easily overlooked features in VS 11 Express for Web: Good post by Scott Hanselman that highlights a bunch of easily overlooked improvements that are coming to VS 11 (and specifically the free express editions) for web development: unit… >>> More
Use ASP.NET 4 Browser Definitions with ASP.NET 3.5

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
We updated the browser definitions files included with ASP.NET 4 to include information on recent browsers and devices such as Google Chrome and the iPhone. You can use these browser definition files with earlier versions of ASP.NET such as ASP.NET 3 Read More......(read more) >>> More
ASP.NET webforms + ASP.NET Ajax versus ASP.NET MVC and Ajax framework freedom

as seen on Stack Overflow - Search for 'Stack Overflow'
If given the choice, which path would you take? ASP.NET Webforms + ASP.NET AJAX or ASP.NET MVC + JavaScript Framework of your Choice Are there any limitations that ASP.NET Webforms / ASP.NET AJAX has vis-a-vis MVC? >>> More
ASP.NET MVC 2 Released

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I’m happy to announce that the final release of ASP.NET MVC 2 is now available for VS 2008/Visual Web Developer 2008 Express with ASP.NET 3.5. You can download and install it from the following locations: Download ASP.NET MVC 2 using the Microsoft Web Platform Installer Download… >>> More

Related posts about webservice

Unable to call webservice from another webservice : NETBEANS

as seen on Stack Overflow - Search for 'Stack Overflow'
############## WEBSERVICE 1 (banking.java) package bank; import client.TestserviceService; import javax.jws.WebMethod; import javax.jws.WebService; import javax.xml.ws.WebServiceRef; @WebService() public class banking { @WebServiceRef(wsdlLocation = "WEB-INF/wsdl/localhost_23164/testwebservice/testserviceService… >>> More
[MAJ] Utilisation d'un Webservice simple en .NET - Exemple d'utilisation de WebService avec .NET

as seen on ASP-PHP.net - Search for 'ASP-PHP.net'
Mise en ligne de la version .NET 2.0 pour Visual Studio 2005 du controle. >>> More
URL Rewrite in IIS7 Web Service - WebService.asmx => WebService in the SOAP doc

as seen on Server Fault - Search for 'Server Fault'
I have an IIS7.5 (Server 2008 R2) based web service that I would like to make as independant on the current implementations technology as possible. I am using the URL rewrite module (http://learn.iis.net/page.aspx/734/url-rewrite-module/) to remove the .asmx portion of the URL and that is working… >>> More
how can I invoke a webservice from another webservice

as seen on Stack Overflow - Search for 'Stack Overflow'
I have two webservices A and B. A needs to invoke one of the webMethods in B. How can I achieve this? I am using maven's wsimport plugin to build A. This is to generate the necessary stubs for B and include them as part of the Webservice A. However, when I try to Invoke the webmethod o f B, I get… >>> More
URGENT : Consuming apachesoap:Map complex datatype in webservice using .net with webservice methods

as seen on Stack Overflow - Search for 'Stack Overflow'
web service methods written in java & a method return type is map how can i get value from map type? when i call getDetails then it return result properly but when i call getCit method it return a nothing in response because of map type. i .net there is no data type like map type Dim objweb… >>> More