User Authentication

Discussion in 'ASP .Net Web Services' started by Alex. O. Koranteng, Oct 2, 2008.

  1. I am new to Web Services and would like to write a web services to
    authenticate the user logged on. Any suggestions where to start or resources
    to read on.

    Thanks

    Alex
    Alex. O. Koranteng, Oct 2, 2008
    #1
    1. Advertising

  2. Alex. O. Koranteng

    Steven Cheng Guest

    Hi Alex,

    From your description, you're developing an ASP.NET webservice(ASMX)
    application, and wondering how to secuire the webservice application such
    as provide user logon authentication, correct?

    Based on my experience, for ASP.NET webservice, you have the following
    options for apply user logon authentication:

    ** Since ASP.NET web application are hosted in IIS server, therefore, you
    can using windows authentication which rely on the IIS's integrated windows
    authentication. IIS will do the authentication for client request and then
    forward the authenticated user info to ASP.NET application(your ASP.NET
    application also set to "Windows" authentication so as to associate it
    with each request Httpcontext).

    ** If you do not want to use windows authentication, maybe the client is
    not quite rely on windows platform or .NET client. You can consider some
    standard authentication methods(such as HTTP basic authentication), this
    also rely on the IIS server to help authenticate the request.

    Otherwise, you can also use custom authentication. That means use some
    data/property of your webservice SOAP message itself. For example, you can
    use custom soap header, for even some method parameter to carry the
    security user logon info.

    here are some web reference introducing most of the approaches for securing
    ASP.NET webservice:

    #Securing XML Web Services Created Using ASP.NET
    http://msdn.microsoft.com/en-us/library/w67h0dw7(VS.71).aspx

    #Security Options for .NET Web Services
    http://dotnet.sys-con.com/node/38918

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    Delighting our customers is our #1 priority. We welcome your comments and
    suggestions about how we can improve the support we provide to you. Please
    feel free to let my manager know what you think of the level of service
    provided. You can send feedback directly to my manager at:
    .

    ==================================================
    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at
    http://support.microsoft.com/select/default.aspx?target=assistance&ln=en-us.
    ==================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.


    --------------------
    >From: =?Utf-8?B?QWxleC4gTy4gS29yYW50ZW5n?= <>
    >Subject: User Authentication
    >Date: Thu, 2 Oct 2008 12:11:01 -0700


    >
    >I am new to Web Services and would like to write a web services to
    >authenticate the user logged on. Any suggestions where to start or

    resources
    >to read on.
    >
    >Thanks
    >
    >Alex
    >
    Steven Cheng, Oct 3, 2008
    #2
    1. Advertising

  3. Steve,

    Thanks for the suggestions. I am using using windows authentication. My
    business scenarion will be something like described below:

    I have created a simple web service like Hello word. Would like authenticate
    the user who is logged on, in this situation Alex-PC\test. If not show
    invalid user credentials message.

    Thanks

    ""Steven Cheng"" wrote:

    > Hi Alex,
    >
    > From your description, you're developing an ASP.NET webservice(ASMX)
    > application, and wondering how to secuire the webservice application such
    > as provide user logon authentication, correct?
    >
    > Based on my experience, for ASP.NET webservice, you have the following
    > options for apply user logon authentication:
    >
    > ** Since ASP.NET web application are hosted in IIS server, therefore, you
    > can using windows authentication which rely on the IIS's integrated windows
    > authentication. IIS will do the authentication for client request and then
    > forward the authenticated user info to ASP.NET application(your ASP.NET
    > application also set to "Windows" authentication so as to associate it
    > with each request Httpcontext).
    >
    > ** If you do not want to use windows authentication, maybe the client is
    > not quite rely on windows platform or .NET client. You can consider some
    > standard authentication methods(such as HTTP basic authentication), this
    > also rely on the IIS server to help authenticate the request.
    >
    > Otherwise, you can also use custom authentication. That means use some
    > data/property of your webservice SOAP message itself. For example, you can
    > use custom soap header, for even some method parameter to carry the
    > security user logon info.
    >
    > here are some web reference introducing most of the approaches for securing
    > ASP.NET webservice:
    >
    > #Securing XML Web Services Created Using ASP.NET
    > http://msdn.microsoft.com/en-us/library/w67h0dw7(VS.71).aspx
    >
    > #Security Options for .NET Web Services
    > http://dotnet.sys-con.com/node/38918
    >
    > Sincerely,
    >
    > Steven Cheng
    >
    > Microsoft MSDN Online Support Lead
    >
    >
    > Delighting our customers is our #1 priority. We welcome your comments and
    > suggestions about how we can improve the support we provide to you. Please
    > feel free to let my manager know what you think of the level of service
    > provided. You can send feedback directly to my manager at:
    > .
    >
    > ==================================================
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.
    >
    > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    > where an initial response from the community or a Microsoft Support
    > Engineer within 1 business day is acceptable. Please note that each follow
    > up response may take approximately 2 business days as the support
    > professional working with you may need further investigation to reach the
    > most efficient resolution. The offering is not appropriate for situations
    > that require urgent, real-time or phone-based interactions or complex
    > project analysis and dump analysis issues. Issues of this nature are best
    > handled working with a dedicated Microsoft Support Engineer by contacting
    > Microsoft Customer Support Services (CSS) at
    > http://support.microsoft.com/select/default.aspx?target=assistance&ln=en-us.
    > ==================================================
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    > --------------------
    > >From: =?Utf-8?B?QWxleC4gTy4gS29yYW50ZW5n?= <>
    > >Subject: User Authentication
    > >Date: Thu, 2 Oct 2008 12:11:01 -0700

    >
    > >
    > >I am new to Web Services and would like to write a web services to
    > >authenticate the user logged on. Any suggestions where to start or

    > resources
    > >to read on.
    > >
    > >Thanks
    > >
    > >Alex
    > >

    >
    >
    Alex. O. Koranteng, Oct 4, 2008
    #3
  4. Alex. O. Koranteng

    Steven Cheng Guest

    Thanks for your reply Alex,

    If you're using windows authenticaiton, most of them have been done by the
    IIS and ASP.NET authentication modules and our application just need to do
    some configuration work. Have you made it working?

    One thing is that if you test if via Visual studio test server, it is
    different from IIS that VS test server by default always use NTLM
    authentiation and run under the logon user. While deploying in IIS, you
    need to configure both IIS virtual directory and ASP.NET web.config to make
    sure windows authentication is used.

    If you have anything unclear, please feel free to let me know.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    Delighting our customers is our #1 priority. We welcome your comments and
    suggestions about how we can improve the support we provide to you. Please
    feel free to let my manager know what you think of the level of service
    provided. You can send feedback directly to my manager at:
    .

    ==================================================
    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

    ==================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------

    >From: =?Utf-8?B?QWxleC4gTy4gS29yYW50ZW5n?= <>
    >References: <>

    <>
    >Subject: RE: User Authentication
    >Date: Fri, 3 Oct 2008 19:28:01 -0700


    >
    >Steve,
    >
    >Thanks for the suggestions. I am using using windows authentication. My
    >business scenarion will be something like described below:
    >
    >I have created a simple web service like Hello word. Would like

    authenticate
    >the user who is logged on, in this situation Alex-PC\test. If not show
    >invalid user credentials message.
    >
    >Thanks
    >
    >""Steven Cheng"" wrote:
    >
    >> Hi Alex,
    >>
    >> From your description, you're developing an ASP.NET webservice(ASMX)
    >> application, and wondering how to secuire the webservice application

    such
    >> as provide user logon authentication, correct?
    >>
    >> Based on my experience, for ASP.NET webservice, you have the following
    >> options for apply user logon authentication:
    >>
    >> ** Since ASP.NET web application are hosted in IIS server, therefore,

    you
    >> can using windows authentication which rely on the IIS's integrated

    windows
    >> authentication. IIS will do the authentication for client request and

    then
    >> forward the authenticated user info to ASP.NET application(your ASP.NET
    >> application also set to "Windows" authentication so as to associate it
    >> with each request Httpcontext).

    >
    Steven Cheng, Oct 6, 2008
    #4
  5. Alex. O. Koranteng

    Steven Cheng Guest

    Hi Alex,

    Have you got any further progress on this issue or do you still have any
    other questions?
    If so, please feel free to let me know.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    Delighting our customers is our #1 priority. We welcome your comments and
    suggestions about how we can improve the support we provide to you. Please
    feel free to let my manager know what you think of the level of service
    provided. You can send feedback directly to my manager at:
    .

    ==================================================
    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

    ==================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
    --------------------
    >Content-Transfer-Encoding: 7bit
    >From: ("Steven Cheng")
    >Organization: Microsoft
    >Date: Mon, 06 Oct 2008 03:02:43 GMT
    >Subject: RE: User Authentication


    >
    >Thanks for your reply Alex,
    >
    >If you're using windows authenticaiton, most of them have been done by the
    >IIS and ASP.NET authentication modules and our application just need to do
    >some configuration work. Have you made it working?
    >
    >One thing is that if you test if via Visual studio test server, it is
    >different from IIS that VS test server by default always use NTLM
    >authentiation and run under the logon user. While deploying in IIS, you
    >need to configure both IIS virtual directory and ASP.NET web.config to

    make
    >sure windows authentication is used.
    >
    >If you have anything unclear, please feel free to let me know.
    >
    >Sincerely,
    >
    >Steven Cheng
    >
    >Microsoft MSDN Online Support Lead
    >
    >
    >Delighting our customers is our #1 priority. We welcome your comments and
    >suggestions about how we can improve the support we provide to you. Please
    >feel free to let my manager know what you think of the level of service
    >provided. You can send feedback directly to my manager at:
    >.
    >
    >==================================================
    >Get notification to my posts through email? Please refer to
    >http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.
    >
    >==================================================
    >This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >--------------------
    >
    >>From: =?Utf-8?B?QWxleC4gTy4gS29yYW50ZW5n?= <>
    >>References: <>

    ><>
    >>Subject: RE: User Authentication
    >>Date: Fri, 3 Oct 2008 19:28:01 -0700

    >
    >>
    >>Steve,
    >>
    >>Thanks for the suggestions. I am using using windows authentication. My
    >>business scenarion will be something like described below:
    >>
    >>I have created a simple web service like Hello word. Would like

    >authenticate
    >>the user who is logged on, in this situation Alex-PC\test. If not show
    >>invalid user credentials message.
    >>
    >>Thanks
    >>
    >>""Steven Cheng"" wrote:
    >>
    >>> Hi Alex,
    >>>
    >>> From your description, you're developing an ASP.NET webservice(ASMX)
    >>> application, and wondering how to secuire the webservice application

    >such
    >>> as provide user logon authentication, correct?
    >>>
    >>> Based on my experience, for ASP.NET webservice, you have the following
    >>> options for apply user logon authentication:
    >>>
    >>> ** Since ASP.NET web application are hosted in IIS server, therefore,

    >you
    >>> can using windows authentication which rely on the IIS's integrated

    >windows
    >>> authentication. IIS will do the authentication for client request and

    >then
    >>> forward the authenticated user info to ASP.NET application(your ASP.NET
    >>> application also set to "Windows" authentication so as to associate it
    >>> with each request Httpcontext).

    >>

    >
    >
    Steven Cheng, Oct 8, 2008
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andrew Connell
    Replies:
    1
    Views:
    522
    Natty Gur
    Oct 21, 2003
  2. raj mandadi
    Replies:
    0
    Views:
    412
    raj mandadi
    Dec 22, 2003
  3. Brett Porter
    Replies:
    2
    Views:
    733
    Andrea D'Onofrio [MSFT]
    Jan 20, 2004
  4. Mark
    Replies:
    0
    Views:
    662
  5. Brett Porter
    Replies:
    5
    Views:
    564
    Brett Porter
    Feb 3, 2004
Loading...

Share This Page