Last post Jan 19, 2018 12:12 PM by uid250511
Jan 19, 2018 10:49 AM|uid250511|LINK
I have a basic web service
<%@ WebHandler Language="VB" Class="TestHandler" %>
Public Class TestHandler : Implements IHttpHandler
Public Sub ProcessRequest(ByVal context As HttpContext) Implements IHttpHandler.ProcessRequest
context.Response.ContentType = "text/plain"
Public ReadOnly Property IsReusable() As Boolean Implements IHttpHandler.IsReusable
I have a third party who will send an XML request to this service which is hosted publicly and then i reply back with a 200 status (saving some details to a database). I assume at this stage i will use the HttpWebRequest to send the status back however with
it being public any guides i could follow to ensure its fully protected and no security loop holes?
Jan 19, 2018 11:49 AM|mgebhard|LINK
You've posted an
HttpHandler not a service. HttpHandlers process certain types of requests. It is not clear why you need HttpWebRequest to send a response as that's the handler's job. Lastly, you have not told us how the site is secured.
Perhaps Web API is a better choice.
Jan 19, 2018 12:12 PM|uid250511|LINK
Yea your correct, after i asked i started to change the project but probably have confused myself a little in the process :-)
So an incoming request would reach a public URL i control, this URL would handle the request (i.e. process the incoming request and take appropriate actions on our database). Once completed i need to return a HTTP response. That would be the entire process.
So i added an ashx file to my project and i could access it via a URL i.e. http://localhost/myfile.ashx which returns "Hello World", meaning the structure is setup correctly before i start writing code.
Security wise, i am using forms auth.
Before i go any further does this all sound ok? (So i may not need Web API)?