Many mobile applications are distributed in nature and involve software running on the device, data transmission over a network, authentication and authorization mechanisms at the server, and software running on a back-end server. Security is only as good as the weakest link, so you must examine the security of all components in a distributed application.

This chapter has explained how to use authentication mechanisms to control who is allowed to use a handheld device, how to secure data that is stored on the device, how to encrypt data in transit over a network, and how to authenticate logons in an IIS server. This chapter has looked at the authentication mechanisms you can use with XML Web services, including the use of custom SOAP headers. ...