Microsoft Web services security resources

Retired KB Article: This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Article ID: 832878
Last Review: April 19, 2007
Revision: 3.4

SUMMARY

This article discusses resources that can help you understand Web services security when you design, implement, and deploy Web services.

This article also discusses configurable values that help keep Web service performance efficient and give all users equal access to a particular Web service. These configurable values can also help protect Web services against particular denial of service conditions.


MORE INFORMATION

Consider security when you design, build, and deploy Web services. Web services, like Web applications, can be subjected to spoofing conditions or to denial of service conditions. Visit the following Microsoft Web site for more information about how to prevent these conditions:
http://msdn2.microsoft.com/en-us/security/aa570415.aspx
Denial of service conditions may occur when valid SOAP requests are sent to your Web service and those requests cause the application, the XML parser, or both to perform extensive processing. Such conditions can cause the Web server that receives the SOAP request to become extremely busy, so your service may not be able to handle other requests efficiently.

The time that the application, the XML parser, or both spend parsing and processing a SOAP message is frequently based on the size of the message. Therefore, it is a good idea to restrict the size of a message to help avoid denial of service conditions. By default, the maximum permitted message size is 4 MB. It may be appropriate to reduce this limit to the maximum size that your application actually requires. Also, consider reducing the maximum message size for public Web services that accept requests from unauthenticated sources.

You can configure the maximum message size by using the maxRequestLength attribute (a value in kilobytes) on the <httpRuntime> element in the Machine.config file. The following code sample shows the default settings in the Machine.config file of Microsoft .NET Framework version 1.1:
<httpRuntime executionTimeout="90"
             maxRequestLength="4096"
             useFullyQualifiedRedirectUrl="false"
             minFreeThreads="8"
             minLocalRequestFreeThreads="4"
             appRequestQueueLimit="100"
             enableVersionHeader="true"/>
For example, if you want to limit the message size for your Web service to 100 KB, add the following configuration:
<system.web>
   <!-- 100 KB Max POST size -->
   <httpRuntime maxRequestLength="100"/>
</system.web>
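As an added example that is not part of the original KB article, the following Python script audits the effective maxRequestLength the way a reviewer of a deployment would: it parses Machine.config and Web.config text in precedence order (a Web.config setting overrides the machine-wide one), falls back to the 4096 KB default when the attribute is absent, and compares the result with the largest request the application is assumed to need. The configuration text and the 100 KB policy value are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Default for maxRequestLength in .NET Framework 1.1 Machine.config (kilobytes).
DEFAULT_MAX_REQUEST_KB = 4096

# Constructed sample: the machine-wide defaults shown in the KB article.
MACHINE_CONFIG = """<configuration>
  <system.web>
    <httpRuntime executionTimeout="90" maxRequestLength="4096"
                 useFullyQualifiedRedirectUrl="false" minFreeThreads="8"
                 minLocalRequestFreeThreads="4" appRequestQueueLimit="100"
                 enableVersionHeader="true"/>
  </system.web>
</configuration>"""

# Constructed sample: an application Web.config that applies the 100 KB limit.
WEB_CONFIG = """<configuration>
  <system.web>
    <!-- 100 KB Max POST size -->
    <httpRuntime maxRequestLength="100"/>
  </system.web>
</configuration>"""


def effective_max_request_kb(*configs):
    """Return the effective maxRequestLength (KB) for config XML strings given in
    precedence order (Machine.config first, then Web.config). The last file that
    sets the attribute wins; if none sets it, the framework default applies."""
    value = DEFAULT_MAX_REQUEST_KB
    for xml_text in configs:
        root = ET.fromstring(xml_text)
        for elem in root.iter("httpRuntime"):
            raw = elem.get("maxRequestLength")
            if raw is not None:
                value = int(raw)
    return value


def audit_limit(configs, needed_kb):
    """Compare the effective limit with the largest request the service needs.
    Returns (effective_kb, finding) where finding is None when the limit is
    tight enough, or a message describing the excess otherwise."""
    effective = effective_max_request_kb(*configs)
    if effective > needed_kb:
        return effective, (f"maxRequestLength is {effective} KB but the service "
                           f"needs at most {needed_kb} KB; reduce it")
    return effective, None


if __name__ == "__main__":
    # Assumed policy: this service never needs a request larger than 100 KB.
    print(audit_limit([MACHINE_CONFIG], 100))
    print(audit_limit([MACHINE_CONFIG, WEB_CONFIG], 100))
```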
For more information about ASP.NET Web services security, visit the following Microsoft Web site:
http://msdn2.microsoft.com/en-us/library/aa302435.aspx


REFERENCES

For more information, visit the following Microsoft Web sites:
Web services security
http://msdn2.microsoft.com/en-us/security/aa570415.aspx
Improving Web application security: threats and countermeasures
http://msdn2.microsoft.com/en-us/library/ms994921.aspx
Chapter 19 – Securing your ASP.NET application and Web services
http://msdn2.microsoft.com/en-us/library/aa302435.aspx#c19618429_030
Building secure ASP.NET applications: authentication, authorization, and secure communication
http://msdn2.microsoft.com/en-us/library/aa302415.aspx

APPLIES TO
Microsoft Web Services (included with the .NET Framework) 1.0
Microsoft Web Services Enhancements for Microsoft .NET 1.1


Keywords: kbdevsecurity kbsecurity kbinfo KB832878
