April 9, 2008
Question

secure webservice

  • April 9, 2008
  • 6 replies
  • 2388 views
How to secure a webservice? I tried using the ColdFusion administrator. I mean, when I register the webservice I put in a userid and password. But it doesn't work. Is there any other way to secure it?


Participating Frequently
June 2, 2008
Nick,

I have just finished a project with similar requirement. The problem here is that it appears almost impossible to specify soap-headers you want to accept in your WSDL.

If I am not wrong, that's the problem you are facing?

Prasanth_Kumar_S
Inspiring
May 30, 2008
Nick,
As I have suggested before, give user name and password arguments to the functions that you require. When the web service is called, you can check the database for the valid combination and return the data accordingly.

-Prasanth
April 18, 2008
How can I use this code in ColdFusion for web security?

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <AuthHeader xmlns="http://tempuri.org/">
      <UserName>jeff</UserName>
      <Password>imbatman</Password>
    </AuthHeader>
  </soap:Header>
  <soap:Body>
    <GetQuote xmlns="http://tempuri.org/">
      <symbol>msft</symbol>
    </GetQuote>
  </soap:Body>
</soap:Envelope>
Inspiring
April 18, 2008
Take a look at some of the SOAP related functions such as AddSOAPRequestHeader and GetSOAPResponseHeader

http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=functions-pt0_21.html#3468770
April 18, 2008
What do I have to do for basic authentication? I am new to webservices.
Also, how do I use cflogin for a webservice? Any good example? Thanks.
Inspiring
April 12, 2008
quote:

Originally posted by: Nick201
How to secure a webservice? I tried using the ColdFusion administrator. I mean, when I register the webservice I put in a userid and password. But it doesn't work. Is there any other way to secure it?

Secure it against what?
April 11, 2008
But if someone is calling my webservice, then how can I pass the userid and password? Because they are not using ColdFusion. Let's say they are using .NET, how can they pass the userid and password which I am passing in cfinvoke?
Inspiring
April 11, 2008
Basic authentication is platform agnostic. A .NET program could authenticate by using a NetworkCredential object to create an HTTP request that has the authentication information.

NetworkCredential class (.NET)
http://msdn2.microsoft.com/en-us/library/system.net.networkcredential.aspx

Example of consuming web services in .NET, includes basic authentication using NetworkCredential object
http://authors.aspalliance.com/QuickStart/aspplus/default.aspx?url=/quickstart/aspplus/doc/secureservices.aspx

Overview of basic authentication
http://en.wikipedia.org/wiki/Basic_authentication
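
Added example, not part of the thread: what the Basic authentication header looks like on the wire regardless of the client platform, and how a service can parse and check it. Python is used only for illustration; the function names and the in-memory user store are assumptions, and the sample credentials are the ones from the SOAP snippet posted in this thread. The header is only base64-encoded, not encrypted, so it should travel over HTTPS.

```python
import base64
import hashlib
import hmac

# Constructed sample credential store: username -> (salt, PBKDF2-SHA256 hash).
# A real service would load these from its user database.
_SALT = b"constructed-salt"
USERS = {"jeff": (_SALT, hashlib.pbkdf2_hmac("sha256", b"imbatman", _SALT, 100_000))}


def build_basic_header(username: str, password: str) -> str:
    """The Authorization value any client (ColdFusion, .NET, ...) sends."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic_header(value):
    """Return (username, password), or None if the header is absent or malformed."""
    if not value:
        return None
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        # validate=True rejects characters outside the base64 alphabet
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    # Split on the first ':' only, because the password may itself contain ':'
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None


def is_authorized(header_value) -> bool:
    """Server-side check: parse the header, then compare hashes in constant time."""
    creds = parse_basic_header(header_value)
    if creds is None:
        return False
    username, password = creds
    # Unknown users are hashed against a dummy entry so they cost the same work
    salt, expected = USERS.get(username, (_SALT, b"\x00" * 32))
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return hmac.compare_digest(actual, expected) and username in USERS
```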
Prasanth_Kumar_S
Inspiring
April 12, 2008
Hi,
As of now, we do not have native methods to secure webservices. One thing you can do is to pass the userid and password as parameters and then validate them in each of the functions inside the CFC.

-Prasanth
Inspiring
April 9, 2008
The user and password in the CFIDE administrator are used for accessing web services which require basic authentication.

To secure web services you are publishing, you should rely on the authentication mechanisms (such as basic authentication or Windows authentication) supported by your web server (IIS or Apache). See your web server's documentation or Chapter 48 of the ColdFusion Developer’s Guide under the topic "Securing your web services". Note that basic authentication is the most commonly supported type and can be used by Windows and *nix systems.

http://livedocs.adobe.com/coldfusion/8/cf8_devguide.pdf