How to protect my server methods

Question

How to protect my server methods

I just read some posts about hiding Silverlight code. The main conclusion was that you can confuse it, but you cannot hide it, so safe things must be done on the server. But then anyone can see through Fiddler what data is sent to a particular web service. For example, they can see that I am calling UpdateCustomer.asmx. And if they do, what can I do to prevent them from calling this asmx? Is there a way to allow only “my Silverlight application” to call this method?

+5

security silverlight

Michel Mar 05 '10 at 23:56

source share

2 answers

. - Silverlight, , . , , .

, - URL ? , ?

+1

Scott Wolchok 07 . '10 3:32

JerKimball · Accepted Answer · 2010-03-08T15:24:34+0000

I assume that if you want to be truly paranoid, you can combine all the calls from your client application through one endpoint of the web service and encrypt the payload ... something like:

Client application hits endpoint "givemeatoken.asmx"
The server generates a key token
The client encrypts all calls using the specified token, passing them to one endpoint "onlyservice.asmx"
The server decrypts the payload of calls using a token and routes the calls to the "real" web services.
The server retrieves the results of the call, re-encrypts with the token, and passes it back to the client
The client decrypts the results and does what he should do.

... , Silverlight, , "" . , ; , ( , )

How to protect my server methods

More articles: