Even a valid message may present a danger if it is utilized in a "replay attack". it is sent multiple times to the server to make it repeat the requested operation.

One way you can do this is to serialize your Java objects and send them over the wire to the application that requests them.

The problem with this approach is that a C# application would not be able to use these objects because it serializes and deserializes objects differently than Java.

Usual means to protect against replayed messages is either using unique identifiers (nonces) on messages and keeping track of processed ones, or using a relatively short validity time window.

In the Web Services world, information about the message creation time is usually communicated by inserting timestamps, which may just tell the instant the message was created, or have additional information, like its expiration time, or certain conditions.

Web services typically present a public functional interface, callable in a programmatic fashion, while web applications tend to deal with a richer set of features and are content-driven in most cases.

Web services, like other distributed applications, require protection at multiple levels: Correspondingly, the high-level approaches to solutions, discussed in the following sections, are valid for pretty much any distributed application, with some variations in the implementation details.

If every one of these applications uses its own unique file format, it would take considerable research to get the C# application to a working state.

The solution to both of these problems is to send a standard file format.

Another approach you could take is to send a text file filled with data to the application that requests it.