问题
I have been trying to encrypt soap message and send to the server, so that the server can decrypt, process the message, encrypt the response again and send back to the client...
I short i want to implement security in ASMX web services....
Please help me
Thanks Sandeep
回答1:
https and soap extensions are good solutions; you can always 'roll your own' by encryting the inputs and outputs directly
[WebMethod]
public string SecureMethodX(string secureInput)
{
string plainText = decrypt(secureInput);
//do something...
string encryptedResult = encrypt(someResult);
return encryptedResult;
}
this becomes a pain if you have several methods, but if you have a specific one-off need (such as passing hardware fingerprints and/or license keys between client and server) then this solution is probably the simplest to implement
回答2:
What's wrong with using HTTPS?
回答3:
Take a look at SOAP extensions. They allow you to monkey with the SOAP stream on both the client and server. They're nice because you can leave your service code alone - manipulation occurs before a webmethod begins and after it ends. They work a lot like an HttpModule but can be included on the client/request side as well.
- http://msdn.microsoft.com/en-us/library/system.web.services.protocols.soapextension.aspx
- http://msdn.microsoft.com/en-us/magazine/cc164007.aspx
- http://www.theserverside.net/tt/articles/showarticle.tss?id=SOAPExtensions
回答4:
HTTPS is a standard for encrypting web services. I use this for encrypting a web service.
来源:https://stackoverflow.com/questions/327162/encrypting-soap-in-net