N OT E
If you are building Active Directory applications using Web services, be
ultra-careful about what functionality you provide to those who are accessing
your XML Web service.
What Types of Businesses Should Use Web Services?
The following types of businesses should consider Web services:
New businesses seeking to provide functionality to other developers
using the Internet.
Any business that already has an Internet presence. These businesses
can leverage the advantages of SOAP-based Web methods in their
Any business that is currently using Winsock or RCP as a method of
Companies that have diversified software project initiatives by IDE,
operating system, or both. By default, Web services are as secure as
internal remoting objects because they can be exposed only to
members of the domain you choose. Authentication methods
include Basic, Windows, Digest, Forms, and Passport. You control
who has access to your Web methods programmatically.
XML Web Services Security in .NET
When considering .NET for Web services and SOAP, the first thing most
people think about is security. Many people believe there isnt any security
wrapped around Web services. True, security isnt readily visible to the
user and is usually configured internally to the server, but that doesnt
mean Web services arent secure!
Another concern is that Web services are publicly exposed. This leads
people to believe that anyone can simply reference a Web service and begin
using its public methods. This, too, is an unfounded concern. In fact, we
can even use Windows authentication to restrict the users of our Web ser-
vice to only those people who have valid user accounts on the same
domain as the server.
At first, it is easy to conceive of .NET Web services as functions on the
Web that anyone can use at any time. The truth is that anyone with infor-
mation pertaining to the location of the .asmx Web service file can reference
What Are Web Services?