Secure WS in VB.NET


This code covers the .NET (VB) implementation of the security of web services using the Microsoft "The Favorites Service" security modified schema.

Let's explain how "The Favorites Service" security schema (implemented in C++): the user passes the login and the password using SSL to the Logon method and receives a one-hour valid key. After that, each method is called with this one-hour valid key as parameter and with the rest of parameters. To reduce the possibility to overload the traffic between web server and database by flooding the web service with requests with invalid keys, the web service determines if the key is generated by the web service. If the key is ok then the method is served. The only risk to break this security is to somebody sniff the key and to use it in one hour maximum.

The code implements the generation, validation and the usage of the (hashed) keys in VB.NET. Trying to reduce the above security risk I changed the secret with the IP address of the request. So, the "bad guy" must be able to sniff the key in addition to spoof the IP web service's client (or to be behind the same proxy).

A little background (from MSDN): The hash is used as a unique value of fixed size representing a large amount of data. Hashes of two sets of data should match if and only if the corresponding data also matches. Small changes to the data result in.

Secure WS.jpg


Unzip the source code file into a folder and make it Virtual directory through Internet Services Manager.