I have about 1 year of .NET experience and I am trying to create and iPAD app that will store data in SQL Server database. Eventually this app will be on Android as well, etc..
I need to create a web service that is secure, uses token keys or session keys so that once user is logged in it keeps this info and the services are there to update/insert/delete from tables using the .NET webservice. I want to use SQL Server as the database
backend because I have extensive experience in database and use IIS . I also don't want to use any free service like parse etc.. I'm having a hard time to find clear examples of this anywhere on google. Basically what I want is as below:
1. when user logs in from ipad app, it authenticates if user exists or not via the webservice and checks the db. if successful logs in the user.
2. once logs in, the user is able to insert, update, delete various data that the app does and uses the web service to insert update delete etc..
3. The webservices all should only be allowed by the app with the correct session id or token id so that no one else will be able to use the webservice . the website will be using https so it will be secure. I don't want to use certificates for the ipad
app .
Can anyone help me create this or show me step by step or point me to links that have this , I would be forever grateful and somehow return the favor.
2: You can restrict the controller by using custom authorization filters. the filter allows any authenticated user to access the restricted methods. You can also limit access to specific users or to users in specific roles.
ASP.NET forums are moving to a new home on Microsoft Q&A, we encourage you to go to Microsoft Q&A for .NET for posting new questions and get involved today. Learn more >
None
0 Points
2 Posts
Creating Secure Web Service for consumption from iOS iPad app
Feb 17, 2016 12:16 AM|zlvdx|LINK
Hi,
I have about 1 year of .NET experience and I am trying to create and iPAD app that will store data in SQL Server database. Eventually this app will be on Android as well, etc..
I need to create a web service that is secure, uses token keys or session keys so that once user is logged in it keeps this info and the services are there to update/insert/delete from tables using the .NET webservice. I want to use SQL Server as the database backend because I have extensive experience in database and use IIS . I also don't want to use any free service like parse etc.. I'm having a hard time to find clear examples of this anywhere on google. Basically what I want is as below:
1. when user logs in from ipad app, it authenticates if user exists or not via the webservice and checks the db. if successful logs in the user.
2. once logs in, the user is able to insert, update, delete various data that the app does and uses the web service to insert update delete etc..
3. The webservices all should only be allowed by the app with the correct session id or token id so that no one else will be able to use the webservice . the website will be using https so it will be secure. I don't want to use certificates for the ipad app .
Can anyone help me create this or show me step by step or point me to links that have this , I would be forever grateful and somehow return the favor.
Thank you.
Star
11464 Points
2439 Posts
Re: Creating Secure Web Service for consumption from iOS iPad app
Feb 17, 2016 05:46 AM|Yohann Lu|LINK
Hi zlvdx,
From your description. I suggest you can use the Web API to implement your Web service. The following tutorials can help you.
1: How to create a Web API program:
http://www.asp.net/web-api/overview/getting-started-with-aspnet-web-api/tutorial-your-first-web-api
2: You can restrict the controller by using custom authorization filters. the filter allows any authenticated user to access the restricted methods. You can also limit access to specific users or to users in specific roles.
http://www.asp.net/web-api/overview/security/authentication-and-authorization-in-aspnet-web-api
3: Secure a Web API with Individual Accounts and Local Login in ASP.NET Web API 2.2:
http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api
4: You also can use Tokens based on RSACryptoServiceProvider (Public/Private Keys) to make your application secure. The following tutorial implement RSA public/private token in the Web API service.
http://codebetter.com/johnvpetersen/2012/04/02/making-your-asp-net-web-apis-secure/
Best Regards,
Yohann Lu
None
0 Points
2 Posts
Re: Creating Secure Web Service for consumption from iOS iPad app
Feb 18, 2016 06:23 PM|zlvdx|LINK
Thank you so much. I will review this and provide feedback. I appreciate it !