Help needed in finding the right place to start

Discussion in 'ASP .Net Security' started by David Haynes, Aug 9, 2006.

  1. David Haynes

    David Haynes Guest

    I would appreciate some pointers to the correct place to start learning
    how to achieve the following:

    1. I have a web service (SOAP) that needs to be authenticated prior to use.
    2. The authentication is of the form: login and password
    3. I want to be able to:
    a) authenticate the login/password using windows authentication
    b) authenticate the login/password using active directory
    I cannot use a separate database or config file for this.
    4. Based on the authentication, I want to pick up the user's roles.

    I am using C# and .NET 2.0.

    Ideally, I would like to find an object that lets me pass in a
    login/password and get a true/false on the authentication and, if true,
    lets me obtain the roles for that account.

    I *think* I should be able to do this using Forms authentication but I
    cannot see how to supply the login/password (other than my own) to get
    things started.

    Pointers? Tips?

    Thanks
    -david-
     
    David Haynes, Aug 9, 2006
    #1
    1. Advertising

  2. You generally never want to use forms auth with a web service, as forms auth
    is intended for end user/browser interaction, not for programmatic access.

    There are generally two ways to do this:
    - Transport level security (using the authentication features built into
    IIS)
    - Message level security (using a framework like WSE3 or something)

    Transport level security is generally easy to implement and is well
    supported by most clients (usually with no significant changes), so that's
    your path of least resistance. If your server is joined to the AD domain,
    IIS can already use transport security (Basic, Digest or IWA). You just
    turn it on. If you use Basic auth, you really have to use SSL as well,
    although you should probably consider doing that anyway. Which one you use
    will depend a little bit on your clients and other factors.

    If you want to do message level security, you probably just want to start
    looking into WSE3 (unless you can work with a beta of WCF).

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "David Haynes" <> wrote in message
    news:uvsCg.63283$...
    >I would appreciate some pointers to the correct place to start learning how
    >to achieve the following:
    >
    > 1. I have a web service (SOAP) that needs to be authenticated prior to
    > use.
    > 2. The authentication is of the form: login and password
    > 3. I want to be able to:
    > a) authenticate the login/password using windows authentication
    > b) authenticate the login/password using active directory
    > I cannot use a separate database or config file for this.
    > 4. Based on the authentication, I want to pick up the user's roles.
    >
    > I am using C# and .NET 2.0.
    >
    > Ideally, I would like to find an object that lets me pass in a
    > login/password and get a true/false on the authentication and, if true,
    > lets me obtain the roles for that account.
    >
    > I *think* I should be able to do this using Forms authentication but I
    > cannot see how to supply the login/password (other than my own) to get
    > things started.
    >
    > Pointers? Tips?
    >
    > Thanks
    > -david-
    >
     
    Joe Kaplan \(MVP - ADSI\), Aug 10, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Stephanie Stowe

    right place? ASP.NEt app debugging problem

    Stephanie Stowe, Oct 1, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    433
    Stephanie Stowe
    Oct 1, 2004
  2. =?Utf-8?B?SXJmYW4gQWtyYW0=?=

    Getting the page to display at the right place..

    =?Utf-8?B?SXJmYW4gQWtyYW0=?=, Dec 27, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    293
    =?Utf-8?B?SXJmYW4gQWtyYW0=?=
    Dec 27, 2004
  3. JAlexa9898
    Replies:
    2
    Views:
    425
    Andrew Thompson
    Feb 2, 2005
  4. s_m_b
    Replies:
    3
    Views:
    324
    Oliver Wong
    Sep 8, 2005
  5. Randy Harris

    IN PLACE edit syntax help needed

    Randy Harris, Feb 23, 2004, in forum: Perl Misc
    Replies:
    2
    Views:
    112
    Joe Smith
    Feb 25, 2004
Loading...

Share This Page