本文介绍了您可以隐藏来自数据包嗅探器的Web服务ASMX调用吗?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我是Web服务的新手,所以我创建了一个Web服务来替换当前的应用程序内数据库事务.我希望事情变得更安全,所以这就是为什么我要这样做.

I am new to web services so I created a web service to replace my current in-app DB transactions. I wanted things to be safer so that is why I went this way.

使用免费的数据包嗅探器时,它会立即抓住我的Web服务ASMX呼叫.这样做的问题是,使用诸如Fiddler之类的程序,他们可以轻松地看到来回的数据,甚至更糟的是设置自动响应器.

When using a free packet sniffer, it instantly grabs my web service ASMX call. The problem with this is that using a program such as fiddler they can easily see the data going back and forth and even worse set up a auto responder.

是否可以隐藏发送到Web服务的呼叫以从数据包嗅探器中隐藏?或者至少使打来的电话更加困难?

Is there a way to hide the calls being sent to the web service to hide from packet sniffers? Or at least make it more difficult to see the calls?

推荐答案

仅出于传输级别的安全性,将其通过安全通道(例如SSL)公开.

Expose it over a secured channel (such as SSL) only for transport level security.

或者,您可以选择实施 WS-Security 来验证调用方,对有效负载进行签名或对有效负载进行加密(部分或全部);或以上的任意组合.

Alternatively, you may choose to implement WS-Security to validate the identity of the callers, sign the payload or encrypt the payload (partially or fully); or any combination of the above.

以下是在ASP.NET上下文中讨论此问题的文章: http://msdn.microsoft.com/zh-CN/magazine/cc188947.aspx

Here is an article that talks about this in the context of ASP.NET: http://msdn.microsoft.com/en-us/magazine/cc188947.aspx

这篇关于您可以隐藏来自数据包嗅探器的Web服务ASMX调用吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-29 03:48
查看更多