I'm creating a web service (asmx) using asp.net mvc 3 and it has a few web methods that send and receive data. I want to encrypt this data as it goes in and out. Does anyone know of any references that might help me out? Or have a solution? I'm quite new to this, although I've done some reading I haven't found anything on the best way to protect information going in and out of the server.
Asked
Active
Viewed 593 times
1 Answers
0
I think the easiest thing to do is to make your web service endpoints secure using SSL certificate.
See this MSDN article for more info
Also, I would recommend using WCF as it will give you more configuration options (a lot more!) but is also widely used. See this article for more info about using SSL with WCF
brodie
- 5,354
- 4
- 33
- 28
-
Thanks for the reply! So if I used SSL certificate this would encrypt the data that I send out from the server? I wouldn't have to create an encryption class or something and have synchronized keys if I used the certificate? – Tom Sep 12 '11 at 02:29
-
that's right - the data would be encrypted at the transport layer (see http://en.wikipedia.org/wiki/Transport_Layer_Security) – brodie Sep 12 '11 at 02:32
-
if you are storing sensitive information in a database then I recommend encrypting that data (see this question for hints on that - http://stackoverflow.com/questions/202011/encrypt-decrypt-string-in-net) – brodie Sep 12 '11 at 02:34