I am using asmx webservice and i have added NetworkCredential:
Credentials = new NetworkCredential("Farshad", "HN", "Yaas")
I have heard that if some one catch my header request can obtain NetworkCredential. He offered me to hash them and then attach them to NetworkCredential. Is there any other ways to make it more secure?
I solved my question in this way:
Like @bradbury9 said, this credential will be passed in a clear text so we need a safe channel.
But there is another thing that we can do. In IIS there are Basic Authentication and digest Authentication.
Digest Authentication will automatically hash (Username,Password,Domain) in a secure way (Now there is just a string that is named response) and Basic authentication will check this response with windows's users.
Instead of using ssl we can use self sign certificate to make secure channel in a local network.