Web Services only connecting to Trusted Devices

StackOverflow https://stackoverflow.com/questions/2022730

Question

I am on a project that uses web services to communicate with hand held devices (Symbol MC70s running windows mobile 5).

We need to make sure that others on the internet can't connect to the web services and start sending info.

I have made a certificate so that the hand held will only connect to my services, but I don't know how to make sure that my services will only connect to my hand held devices.

My app is coded in the .NET Compact Framework and I am using Visual Studio 2008 SP1. My services are hosted in IIS and are coded with WCF in C# (.NET 3.5 sp1).

Any ideas?

Was it helpful?

Solution

Password-protect the services. Alternatively, authenticate the client by the client SSL certificate and issue those to your users.

No way to lock access down to a specific device. A device can be spoofed fairly easily.

OTHER TIPS

When you say that you've "... made a certificate so that the hand held will only connect to my services", are you saying that the device uses https to the web service or that the device is locked down to only connect to the web service http URL?

Anyway, if you are concerned about the data pulled from the web service, you could encrypt it with a key known to your device.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top