5

I used to deal with web services and we secured it using the credential header with soap. The calling application would need to pass a username and password in the credential header. We are now looking at using a WCF restful based webservice and want to secure it. Wondering what the best way to secure it is?

I was thinking that I could stuff a username and password in the POST variables (this thats what they are called). But is this the proper way to secure a restful web service?

the_drow
  • 18,571
  • 25
  • 126
  • 193
Exitos
  • 29,230
  • 38
  • 123
  • 178
  • look at [this](http://stackoverflow.com/questions/141484/how-to-configure-secure-restful-services-with-wcf-using-username-password-ssl) question – Renatas M. Jun 09 '11 at 09:52

1 Answers1

6

This link describes how to use WCF with WS-Security.
This link describes what WS-Security is.
This link describes the architecture of the WCF security component.
Not sure if you can combine those with REST but know that HTTP has an authentication mechanisms of it's own (See Basic authentication and Digset authentication and this overview about both).
The RESTful way to do it imo would be using the HTTP authentication.
I think you have some research to be done :)

the_drow
  • 18,571
  • 25
  • 126
  • 193
  • I did not find any information about securing a restfull wcf service in the mentioned links. – BetaRide Jun 26 '12 at 06:32
  • @BetaRide: Using those protocols you can. Just find the WCF docs. Right now I'd recommend using the Microsoft Web-API. – the_drow Jun 28 '12 at 14:30