cyphersec A blog about Web Application Security and .NET development best practices

11 Feb 09

WebService Security: Filter clients in a WebService scenario using an encrypted storage

    (Pseudo Code Mode ON)

    [WebMethod(Description = "Something, whatever")]
    public string MySuperWebMethod()
    {
        // (ASP.NET tip) Reach the Request object through Context
        if (ShieldObject.IsClientAllowedToCall(Context.Request.UserHostAddress))
        {
            // IsClientAllowedToCall is a method of the ShieldObject class.
            // It implements a very basic StreamReader routine that reads
            // the content of a specific .txt file located somewhere in private storage.
            // This file (which could be encrypted) contains a whitelist
            // of trusted IPs.
            // It loops line by line: if a line matches the current
            // client's IP, it breaks and returns true;
            // otherwise it keeps reading until the end of the file and, if there are
            // no matches, returns false.

            // If you reach this line you are allowed to call this "private" method

            return HelloWorld();
        }
        else
        {
            // Cheers..
            throw new YouAreNotAllowedToStayHereException();
        }
    }
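One way the `ShieldObject.IsClientAllowedToCall` check described in the comments above could be written, as an added example that is not the author's code. The whitelist path, the `#` comment syntax, the `TextReader` overload and the sample addresses are assumptions; it compares parsed addresses rather than strings and denies access when the whitelist cannot be read.

```csharp
using System;
using System.IO;
using System.Net;

public static class ShieldObject
{
    // Assumed path (placeholder): keep the whitelist outside the web root.
    private const string WhitelistPath = @"D:\private\trusted-ips.txt";

    public static bool IsClientAllowedToCall(string clientAddress)
    {
        try
        {
            using (TextReader reader = new StreamReader(WhitelistPath))
                return IsClientAllowedToCall(clientAddress, reader);
        }
        // Fail closed: an unreadable whitelist means nobody is trusted.
        catch (IOException) { return false; }
        catch (UnauthorizedAccessException) { return false; }
    }

    // Matching logic takes any TextReader, so a decrypted stream works too.
    public static bool IsClientAllowedToCall(string clientAddress, TextReader whitelist)
    {
        IPAddress client;
        if (!IPAddress.TryParse(clientAddress, out client)) return false;
        client = Normalize(client);
        string line;
        while ((line = whitelist.ReadLine()) != null)
        {
            line = line.Trim();
            if (line.Length == 0 || line[0] == '#') continue; // assumed comment syntax
            IPAddress trusted;
            if (IPAddress.TryParse(line, out trusted) && Normalize(trusted).Equals(client))
                return true; // parsed addresses compared, so 192.0.2.100 never matches 192.0.2.10
        }
        return false;
    }

    // Treat ::ffff:a.b.c.d and a.b.c.d as the same host (needs .NET 4.5 or later).
    private static IPAddress Normalize(IPAddress a) { return a.IsIPv4MappedToIPv6 ? a.MapToIPv4() : a; }

    public static void Main()
    {
        var list = "# trusted partners\n192.0.2.10\n2001:db8::5\n"; // constructed whitelist
        foreach (var ip in new[] { "192.0.2.10", "::ffff:192.0.2.10", "192.0.2.100", "bogus" })
            Console.WriteLine("{0} -> {1}", ip, IsClientAllowedToCall(ip, new StringReader(list)));
    }
}
```

When the service sits behind a reverse proxy or load balancer, `Request.UserHostAddress` is the proxy's address rather than the caller's, so the whitelist then has to be enforced at the proxy or on an address the proxy is trusted to supply.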

About Alessio Marziali

Alessio Marziali (MCTS) is a Security Consultant with 9 years of experience developing secure applications with Microsoft .NET in a variety of sectors in the UK and Italy. He is a published technical author with two ASP.NET books currently available for purchase, and the OWASP Code Crawler Project Leader.