gọi điện thoại không thể tham gia vào tiêu chuẩn, các mô hình bảo mật dựa trên Windows được sử dụng bằng một số cách bạn có thể sử dụng phương pháp xác thực và ủy quyền của để bảo đảm các dịch vụ Web XML của bạn. Rất may, các tùy chọn này không khác nhiều so với bảo vệ tài nguyên khác. | Security and XML Web Services You have two primary options for securing XML Web services written as .asmx files and hosted by . The first is to use one of the standard security methods to authenticate and authorize users. This option is similar to securing any resources such as a Web page directory or other file. The second approach is to write a custom security model using SOAP headers. This option can be useful if your calling clients cannot participate in the standard Windows-based security models used by . Security There a number of ways you can use the authentication and authorization methods of to secure your XML Web services. Thankfully these options are not much different from securing other resources. This is a result of the Web service working much like a Web page. They both have a URL that points to a file. You can therefore lock down this file like you would any resource. Each security option comes with performance versus security trade-offs. As an example if you are processing sensitive information such as social security numbers credit cards and the like you will want to encrypt this data as it travels over the network. However this encryption will decrease performance as the calls have to be encrypted and decrypted and the messages themselves will be larger. On the other hand if you are sending basic information to and from the Web service such as a part numbers category identifiers or similar details you can relax the need for encryption and focus instead on authenticating and authorizing a user. This will help increase your performance and throughput. If your Web service is meant to be public either inside or outside the firewall you can always provide anonymous access to your Web service. The first step in setting up your security model is determining a method for authentication. This means determining who the user actually is. The second is to decide if the user has .