best way implement web service with authentication.

Discussion in 'ASP .Net Web Services' started by modi, Jan 24, 2007.

  1. modi

    modi Guest

    hi,
    We guys have implement a webservice wherein we authenticate the user
    by passing the same in soap headers. once is the user is authenticated
    we flag the user as authenticated in a session variable. My doubt is,
    is it the right way of implementing this. We are using inproc to store
    the session. And i know this is not the right way to store the session.


    Our requirements are:
    1. We want the webservice to be universally consumed by any client(i.e
    the client may be written java etc).
    2. We dont want our clients to break their heads in configuring the
    soap headers, encrypt those and pass it.
    2. Best way to authenticate the client.

    This question might seem obvious to many....may be i am
    ignorant in this issue.
    Please help!!
    regards
    modi
     
    modi, Jan 24, 2007
    #1
    1. Advertisements

  2. modi

    Mark Nelson Guest

    Modi,

    Considering your scenario, your design looks fine.
    But it's a better idea to encrypt and pass the SOAP headers.

    --
    Thanks & Regards,
    Mark Nelson


    "modi" wrote:

    > hi,
    > We guys have implement a webservice wherein we authenticate the user
    > by passing the same in soap headers. once is the user is authenticated
    > we flag the user as authenticated in a session variable. My doubt is,
    > is it the right way of implementing this. We are using inproc to store
    > the session. And i know this is not the right way to store the session.
    >
    >
    > Our requirements are:
    > 1. We want the webservice to be universally consumed by any client(i.e
    > the client may be written java etc).
    > 2. We dont want our clients to break their heads in configuring the
    > soap headers, encrypt those and pass it.
    > 2. Best way to authenticate the client.
    >
    > This question might seem obvious to many....may be i am
    > ignorant in this issue.
    > Please help!!
    > regards
    > modi
    >
    >
     
    Mark Nelson, Jan 30, 2007
    #2
    1. Advertisements

  3. modi

    WishMaster Guest

    On Jan 30, 7:38 pm, Mark Nelson <>
    wrote:
    > Modi,
    >
    > Considering your scenario, your design looks fine.
    > But it's a better idea to encrypt and pass the SOAP headers.
    >
    > --
    > Thanks & Regards,
    > Mark Nelson
    >
    > "modi" wrote:
    > > hi,
    > > We guys have implement a webservice wherein we authenticate the user
    > > by passing the same in soap headers. once is the user is authenticated
    > > we flag the user as authenticated in a session variable. My doubt is,
    > > is it the right way of implementing this. We are using inproc to store
    > > the session. And i know this is not the right way to store the session.

    >
    > > Our requirements are:
    > > 1. We want the webservice to be universally consumed by any client(i.e
    > > the client may be written java etc).
    > > 2. We dont want our clients to break their heads in configuring the
    > > soap headers, encrypt those and pass it.
    > > 2. Best way to authenticate the client.

    >
    > > This question might seem obvious to many....may be i am
    > > ignorant in this issue.
    > > Please help!!
    > > regards
    > > modi



    Hi,

    To achieve good security, you have to compromise and to adding the
    security in header is pretty standard way to implement and this is why
    we have SOAP standards.

    and yes, if your service is going to be accessed universally then I
    would suggest to consider SSL as well.

    Cheers,
    Amer
     
    WishMaster, Jan 31, 2007
    #3
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. David
    Replies:
    1
    Views:
    409
    Steve C. Orr [MVP, MCSD]
    Jun 3, 2004
  2. Mohammad
    Replies:
    1
    Views:
    485
  3. Dag Sunde
    Replies:
    5
    Views:
    622
  4. Replies:
    1
    Views:
    413
    Joe Kaplan \(MVP - ADSI\)
    Jun 14, 2006
  5. Rob Heckart

    Best way to deploy authentication on web services

    Rob Heckart, Dec 27, 2004, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    194
    Rob Heckart
    Dec 27, 2004
  6. Replies:
    0
    Views:
    246
  7. Replies:
    3
    Views:
    565
  8. Leo Violette
    Replies:
    0
    Views:
    1,317
    Leo Violette
    Apr 17, 2009
Loading...