Web Service and ASP.NET Forms Authentication

  • Thread starter Henrik Skak Pedersen
  • Start date
H

Henrik Skak Pedersen

Hi,

Is it possible to use ASP.NET Forms Authentication in Web Services? or
should I use WSE 3.0 UserNameTokens?

I have to call the web service from a Web App, a Windows App and a
SmartPhone app.

Thanks

Henrik Skak Pedersen
 
D

Dominick Baier [DevelopMentor]

Hi Henrik,

FormsAuth relies on cookies - this is very unnatural for web services - you
would have to create a login method, the client needs a cookie container
(bit of a problem for asp.net) etc...

Well - you could use WSE3 username tokens with SSL or basic authentication
with SSL (which are both very similar)

basic auth would be against windows accounts only unless you implement your
own basic auth module that authenticates against a custom user store.
WSE3 has the concept of UsernameTokenManagers where you can implement custom
authentication but has to be installed on every client

HTH
 
H

Henrik Skak Pedersen

Hi Dominick,

Again, thank you for your reply :)

Ok, so FormsAuth is out, the same is WSE because it is not supported on the
Compact Framework. All my users are custom users and not Windows accounts,
so that leaves me with implementing my own basic auth module. Do you have
any examples of how to do that?

I guess that is supported on all three platforms?

Thanks
henrik.
 
D

Dominick Baier [DevelopMentor]

for which solution??

I personally would go for basic auth over SSL with a custom basic auth module
in ASP.NET - i can help you implement that...
 
H

Henrik Skak Pedersen

I was thinking of implementing a solution like the guy in this example:
http://www.code-magazine.com/articleprint.aspx?quickid=0307071&printmode=true

he is creating a custom SOAP header containing a user name and a password.
Try to take a look at the SecureCalculator class.

But I you think that your idea is better I would really appreciate your
help.

Cheers
Henrik.

Dominick Baier said:
for which solution??

I personally would go for basic auth over SSL with a custom basic auth
module in ASP.NET - i can help you implement that...

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi Dominick,

I just got a link in a reply from the Compact Framework forum, which
is a discussion similar to mine:
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=325044&SiteID=1

I think that I will go for this solution:
http://www.code-magazine.com/articleprint.aspx?quickid=0307071&printmo
de=true
Again thank you for your reply.

Cheers Henrik
Henrik Skak Pedersen said:
Hi Dominick,

Again, thank you for your reply :)

Ok, so FormsAuth is out, the same is WSE because it is not supported
on the Compact Framework. All my users are custom users and not
Windows accounts, so that leaves me with implementing my own basic
auth module. Do you have any examples of how to do that?

I guess that is supported on all three platforms?

Thanks
henrik.
"Dominick Baier [DevelopMentor]"

Hi Henrik,
FormsAuth relies on cookies - this is very unnatural for web
services -
you would have to create a login method, the client needs a cookie
container (bit of a problem for asp.net) etc...
Well - you could use WSE3 username tokens with SSL or basic
authentication with SSL (which are both very similar)

basic auth would be against windows accounts only unless you
implement
your own basic auth module that authenticates against a custom user
store.
WSE3 has the concept of UsernameTokenManagers where you can
implement
custom authentication but has to be installed on every client
HTH

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi,

Is it possible to use ASP.NET Forms Authentication in Web Services?
or should I use WSE 3.0 UserNameTokens?

I have to call the web service from a Web App, a Windows App and a
SmartPhone app.

Thanks

Henrik Skak Pedersen
Click to expand...
Click to expand...
Click to expand...
 
D

Dominick Baier [DevelopMentor]

mail me...

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
I was thinking of implementing a solution like the guy in this
example:
http://www.code-magazine.com/articleprint.aspx?quickid=0307071&printmo
de=true

he is creating a custom SOAP header containing a user name and a
password. Try to take a look at the SecureCalculator class.

But I you think that your idea is better I would really appreciate
your help.

Cheers
Henrik.
for which solution??

I personally would go for basic auth over SSL with a custom basic
auth module in ASP.NET - i can help you implement that...

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi Dominick,

I just got a link in a reply from the Compact Framework forum, which
is a discussion similar to mine:
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=325044&SiteID=
1

I think that I will go for this solution:
http://www.code-magazine.com/articleprint.aspx?quickid=0307071&print
mo
de=true
Again thank you for your reply.
Cheers Henrik
Hi Dominick,

Again, thank you for your reply :)

Ok, so FormsAuth is out, the same is WSE because it is not
supported on the Compact Framework. All my users are custom users
and not Windows accounts, so that leaves me with implementing my
own basic auth module. Do you have any examples of how to do that?

I guess that is supported on all three platforms?

Thanks
henrik.
"Dominick Baier [DevelopMentor]"
Hi Henrik,
FormsAuth relies on cookies - this is very unnatural for web
services -
you would have to create a login method, the client needs a cookie
container (bit of a problem for asp.net) etc...
Well - you could use WSE3 username tokens with SSL or basic
authentication with SSL (which are both very similar)
basic auth would be against windows accounts only unless you
implement
your own basic auth module that authenticates against a custom
user
store.
WSE3 has the concept of UsernameTokenManagers where you can
implement
custom authentication but has to be installed on every client
HTH
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi,

Is it possible to use ASP.NET Forms Authentication in Web
Services? or should I use WSE 3.0 UserNameTokens?

I have to call the web service from a Web App, a Windows App and
a SmartPhone app.

Thanks

Henrik Skak Pedersen
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Forms Authentication & Windows Authentication 2
ASP.NET Forms Authentication site calling web service 8
Forms Authentication, Web Service, and AJAX 0
Web service, forms authentication and DefaultCredentials 0
Combined Windows and Forms Authentication ASP.NET 2 2
SQLSTATE[08006] [7] could not translate host name "pgsql" to address: Name or service not known 1
Bash scripts for web apps 1
Best practice with authentication and web service 0

Members online

No members online now.
Total: 35 (members: 0, guests: 35)
Robots: 441

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,055
Latest member
SlimSparkKetoACVReview

Latest Threads

Top