Re: How to secure a Web Services Application...



You can protect your web service via transport protocol level like
HTTPS, SFTP,etc which means that encryption is done in the transmission
of your messages.

You can protect also via message level which means using a widely used
standard (called WS-Security) to encrypt or sign SOAP messages.
Under this type, you have various mechanisms to use like digital
certificates (x.509), kerberos, SAML, or simple username tokens.

Or you can use both of the above of course.

The Microsoft Patterns and Practices Group has several articles on this
matter.
http://msdn.microsoft.com/practices/default.aspx?pull=/library/en-us/dnpag2/html/wssp.asp


HTH

.