This thesis deals with securing enterprise web services. To secure them, a Reverse Proxy application was designed and implemented based on requirements from the procurer.
The Proxy application is based on the Microsoft .NET Framework and is deployed on IIS, Microsoft's web server. The Proxy uses built-in IIS functionality such as authentication. All user profile descriptions are stored in the enterprise's Active Directory.
The Proxy works with HTTP requests that contain the data needed to call the web services. The Proxy holds all the information required to call the actual web services; the endpoint (address) of the actual web service is never revealed to the client.
HTTP requests are validated by the Proxy. During this process the HTTP verb, the headers and the structure of the request body are examined, and the body is additionally validated against schemas.
Access to the actual services is limited. The Proxy checks how many parallel requests may be forwarded from the authenticated user in the current time interval, and keeps a record of the requests that are in progress to the actual service. In this way the Proxy protects the actual services from denial-of-service attacks.
If a request passes the validations and limits, the Proxy modifies it and forwards it to the actual service. Likewise, the response from the service is modified and sent back to the client.
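The per-user limiting described above, written out as an added example in Python rather than as the thesis's own .NET code: a user may have at most a fixed number of requests in progress to the actual service at once and may start at most a fixed number of requests within one time interval. The class and parameter names, and the sample user and limits in `demo()`, are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass
class _UserState:
    window_start: datetime       # start of the current time interval
    in_progress: int = 0         # requests forwarded and not yet answered
    started_in_window: int = 0   # requests started since window_start


class UserRequestLimiter:
    """Hypothetical per-user limiter: at most max_in_progress requests forwarded
    at once and at most max_per_window requests started within one interval,
    keyed by the authenticated user name supplied by IIS authentication."""

    def __init__(self, max_in_progress: int, max_per_window: int, window: timedelta):
        self.max_in_progress = max_in_progress
        self.max_per_window = max_per_window
        self.window = window
        self._users: Dict[str, _UserState] = {}

    def try_acquire(self, user: str, now: datetime) -> bool:
        """Call before forwarding; False means reject the request (e.g. with
        HTTP 429) without ever contacting the actual service."""
        s = self._users.setdefault(user, _UserState(window_start=now))
        if now - s.window_start >= self.window:   # interval elapsed: reset the counter
            s.window_start = now
            s.started_in_window = 0
        if s.in_progress >= self.max_in_progress or s.started_in_window >= self.max_per_window:
            return False
        s.in_progress += 1
        s.started_in_window += 1
        return True

    def release(self, user: str) -> None:
        """Call once the response has been sent back (from a finally block), so a
        failed or abandoned request does not hold a slot forever."""
        s = self._users.get(user)
        if s is not None and s.in_progress > 0:
            s.in_progress -= 1


def demo() -> List[bool]:
    """Constructed scenario: user 'alice' limited to 2 parallel and 3 per minute."""
    lim = UserRequestLimiter(max_in_progress=2, max_per_window=3, window=timedelta(minutes=1))
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    results = [lim.try_acquire("alice", t0), lim.try_acquire("alice", t0)]
    results.append(lim.try_acquire("alice", t0))   # third parallel request: rejected
    lim.release("alice")
    results.append(lim.try_acquire("alice", t0))   # slot freed: accepted (3rd in interval)
    lim.release("alice")
    results.append(lim.try_acquire("alice", t0))   # interval quota exhausted: rejected
    results.append(lim.try_acquire("alice", t0 + timedelta(minutes=1)))  # new interval: accepted
    return results
```

`demo()` returns `[True, True, False, True, False, True]`; in the real Proxy the `release` call must run on every code path, including errors from the actual service, or the user's slots leak.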