Web Service and ASP.NET Forms Authentication

Discussion in 'ASP .Net Security' started by Henrik Skak Pedersen, Apr 18, 2006.

  1. Hi,

    Is it possible to use ASP.NET Forms Authentication in Web Services? or
    should I use WSE 3.0 UserNameTokens?

    I have to call the web service from a Web App, a Windows App and a
    SmartPhone app.

    Thanks

    Henrik Skak Pedersen
    Henrik Skak Pedersen, Apr 18, 2006
    #1
    1. Advertising

  2. Hi Henrik,

    FormsAuth relies on cookies - this is very unnatural for web services - you
    would have to create a login method, the client needs a cookie container
    (bit of a problem for asp.net) etc...

    Well - you could use WSE3 username tokens with SSL or basic authentication
    with SSL (which are both very similar)

    basic auth would be against windows accounts only unless you implement your
    own basic auth module that authenticates against a custom user store.
    WSE3 has the concept of UsernameTokenManagers where you can implement custom
    authentication but has to be installed on every client

    HTH

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hi,
    >
    > Is it possible to use ASP.NET Forms Authentication in Web Services?
    > or should I use WSE 3.0 UserNameTokens?
    >
    > I have to call the web service from a Web App, a Windows App and a
    > SmartPhone app.
    >
    > Thanks
    >
    > Henrik Skak Pedersen
    >
    Dominick Baier [DevelopMentor], Apr 18, 2006
    #2
    1. Advertising

  3. Hi Dominick,

    Again, thank you for your reply :)

    Ok, so FormsAuth is out, the same is WSE because it is not supported on the
    Compact Framework. All my users are custom users and not Windows accounts,
    so that leaves me with implementing my own basic auth module. Do you have
    any examples of how to do that?

    I guess that is supported on all three platforms?

    Thanks
    henrik.

    "Dominick Baier [DevelopMentor]" <>
    wrote in message news:...
    > Hi Henrik,
    > FormsAuth relies on cookies - this is very unnatural for web services -
    > you would have to create a login method, the client needs a cookie
    > container (bit of a problem for asp.net) etc...
    >
    > Well - you could use WSE3 username tokens with SSL or basic authentication
    > with SSL (which are both very similar)
    >
    > basic auth would be against windows accounts only unless you implement
    > your own basic auth module that authenticates against a custom user store.
    > WSE3 has the concept of UsernameTokenManagers where you can implement
    > custom authentication but has to be installed on every client
    >
    > HTH
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    >> Hi,
    >>
    >> Is it possible to use ASP.NET Forms Authentication in Web Services?
    >> or should I use WSE 3.0 UserNameTokens?
    >>
    >> I have to call the web service from a Web App, a Windows App and a
    >> SmartPhone app.
    >>
    >> Thanks
    >>
    >> Henrik Skak Pedersen
    >>

    >
    >
    Henrik Skak Pedersen, Apr 18, 2006
    #3
  4. Hi Dominick,

    I just got a link in a reply from the Compact Framework forum, which is a
    discussion similar to mine:
    http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=325044&SiteID=1

    I think that I will go for this solution:
    http://www.code-magazine.com/articleprint.aspx?quickid=0307071&printmode=true

    Again thank you for your reply.

    Cheers Henrik
    "Henrik Skak Pedersen" <> wrote in message
    news:...
    > Hi Dominick,
    >
    > Again, thank you for your reply :)
    >
    > Ok, so FormsAuth is out, the same is WSE because it is not supported on
    > the Compact Framework. All my users are custom users and not Windows
    > accounts, so that leaves me with implementing my own basic auth module. Do
    > you have any examples of how to do that?
    >
    > I guess that is supported on all three platforms?
    >
    > Thanks
    > henrik.
    >
    > "Dominick Baier [DevelopMentor]" <>
    > wrote in message news:...
    >> Hi Henrik,
    >> FormsAuth relies on cookies - this is very unnatural for web services -
    >> you would have to create a login method, the client needs a cookie
    >> container (bit of a problem for asp.net) etc...
    >>
    >> Well - you could use WSE3 username tokens with SSL or basic
    >> authentication with SSL (which are both very similar)
    >>
    >> basic auth would be against windows accounts only unless you implement
    >> your own basic auth module that authenticates against a custom user
    >> store.
    >> WSE3 has the concept of UsernameTokenManagers where you can implement
    >> custom authentication but has to be installed on every client
    >>
    >> HTH
    >>
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>
    >>> Hi,
    >>>
    >>> Is it possible to use ASP.NET Forms Authentication in Web Services?
    >>> or should I use WSE 3.0 UserNameTokens?
    >>>
    >>> I have to call the web service from a Web App, a Windows App and a
    >>> SmartPhone app.
    >>>
    >>> Thanks
    >>>
    >>> Henrik Skak Pedersen
    >>>

    >>
    >>

    >
    >
    Henrik Skak Pedersen, Apr 18, 2006
    #4
  5. for which solution??

    I personally would go for basic auth over SSL with a custom basic auth module
    in ASP.NET - i can help you implement that...

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hi Dominick,
    >
    > I just got a link in a reply from the Compact Framework forum, which
    > is a discussion similar to mine:
    > http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=325044&SiteID=1
    >
    > I think that I will go for this solution:
    > http://www.code-magazine.com/articleprint.aspx?quickid=0307071&printmo
    > de=true
    > Again thank you for your reply.
    >
    > Cheers Henrik
    > "Henrik Skak Pedersen" <> wrote in message
    > news:...
    >> Hi Dominick,
    >>
    >> Again, thank you for your reply :)
    >>
    >> Ok, so FormsAuth is out, the same is WSE because it is not supported
    >> on the Compact Framework. All my users are custom users and not
    >> Windows accounts, so that leaves me with implementing my own basic
    >> auth module. Do you have any examples of how to do that?
    >>
    >> I guess that is supported on all three platforms?
    >>
    >> Thanks
    >> henrik.
    >> "Dominick Baier [DevelopMentor]"
    >> <> wrote in message
    >> news:...
    >>
    >>> Hi Henrik,
    >>> FormsAuth relies on cookies - this is very unnatural for web
    >>> services -
    >>> you would have to create a login method, the client needs a cookie
    >>> container (bit of a problem for asp.net) etc...
    >>> Well - you could use WSE3 username tokens with SSL or basic
    >>> authentication with SSL (which are both very similar)
    >>>
    >>> basic auth would be against windows accounts only unless you
    >>> implement
    >>> your own basic auth module that authenticates against a custom user
    >>> store.
    >>> WSE3 has the concept of UsernameTokenManagers where you can
    >>> implement
    >>> custom authentication but has to be installed on every client
    >>> HTH
    >>>
    >>> ---------------------------------------
    >>> Dominick Baier - DevelopMentor
    >>> http://www.leastprivilege.com
    >>>> Hi,
    >>>>
    >>>> Is it possible to use ASP.NET Forms Authentication in Web Services?
    >>>> or should I use WSE 3.0 UserNameTokens?
    >>>>
    >>>> I have to call the web service from a Web App, a Windows App and a
    >>>> SmartPhone app.
    >>>>
    >>>> Thanks
    >>>>
    >>>> Henrik Skak Pedersen
    >>>>
    Dominick Baier [DevelopMentor], Apr 19, 2006
    #5
  6. I was thinking of implementing a solution like the guy in this example:
    http://www.code-magazine.com/articleprint.aspx?quickid=0307071&printmode=true

    he is creating a custom SOAP header containing a user name and a password.
    Try to take a look at the SecureCalculator class.

    But I you think that your idea is better I would really appreciate your
    help.

    Cheers
    Henrik.

    "Dominick Baier [DevelopMentor]" <>
    wrote in message news:...
    > for which solution??
    >
    > I personally would go for basic auth over SSL with a custom basic auth
    > module in ASP.NET - i can help you implement that...
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    >> Hi Dominick,
    >>
    >> I just got a link in a reply from the Compact Framework forum, which
    >> is a discussion similar to mine:
    >> http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=325044&SiteID=1
    >>
    >> I think that I will go for this solution:
    >> http://www.code-magazine.com/articleprint.aspx?quickid=0307071&printmo
    >> de=true
    >> Again thank you for your reply.
    >>
    >> Cheers Henrik
    >> "Henrik Skak Pedersen" <> wrote in message
    >> news:...
    >>> Hi Dominick,
    >>>
    >>> Again, thank you for your reply :)
    >>>
    >>> Ok, so FormsAuth is out, the same is WSE because it is not supported
    >>> on the Compact Framework. All my users are custom users and not
    >>> Windows accounts, so that leaves me with implementing my own basic
    >>> auth module. Do you have any examples of how to do that?
    >>>
    >>> I guess that is supported on all three platforms?
    >>>
    >>> Thanks
    >>> henrik.
    >>> "Dominick Baier [DevelopMentor]"
    >>> <> wrote in message
    >>> news:...
    >>>
    >>>> Hi Henrik,
    >>>> FormsAuth relies on cookies - this is very unnatural for web
    >>>> services -
    >>>> you would have to create a login method, the client needs a cookie
    >>>> container (bit of a problem for asp.net) etc...
    >>>> Well - you could use WSE3 username tokens with SSL or basic
    >>>> authentication with SSL (which are both very similar)
    >>>>
    >>>> basic auth would be against windows accounts only unless you
    >>>> implement
    >>>> your own basic auth module that authenticates against a custom user
    >>>> store.
    >>>> WSE3 has the concept of UsernameTokenManagers where you can
    >>>> implement
    >>>> custom authentication but has to be installed on every client
    >>>> HTH
    >>>>
    >>>> ---------------------------------------
    >>>> Dominick Baier - DevelopMentor
    >>>> http://www.leastprivilege.com
    >>>>> Hi,
    >>>>>
    >>>>> Is it possible to use ASP.NET Forms Authentication in Web Services?
    >>>>> or should I use WSE 3.0 UserNameTokens?
    >>>>>
    >>>>> I have to call the web service from a Web App, a Windows App and a
    >>>>> SmartPhone app.
    >>>>>
    >>>>> Thanks
    >>>>>
    >>>>> Henrik Skak Pedersen
    >>>>>

    >
    >
    Henrik Skak Pedersen, Apr 19, 2006
    #6
  7. mail me...

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > I was thinking of implementing a solution like the guy in this
    > example:
    > http://www.code-magazine.com/articleprint.aspx?quickid=0307071&printmo
    > de=true
    >
    > he is creating a custom SOAP header containing a user name and a
    > password. Try to take a look at the SecureCalculator class.
    >
    > But I you think that your idea is better I would really appreciate
    > your help.
    >
    > Cheers
    > Henrik.
    > "Dominick Baier [DevelopMentor]"
    > <> wrote in message
    > news:...
    >
    >> for which solution??
    >>
    >> I personally would go for basic auth over SSL with a custom basic
    >> auth module in ASP.NET - i can help you implement that...
    >>
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>> Hi Dominick,
    >>>
    >>> I just got a link in a reply from the Compact Framework forum, which
    >>> is a discussion similar to mine:
    >>> http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=325044&SiteID=
    >>> 1
    >>>
    >>> I think that I will go for this solution:
    >>> http://www.code-magazine.com/articleprint.aspx?quickid=0307071&print
    >>> mo
    >>> de=true
    >>> Again thank you for your reply.
    >>> Cheers Henrik
    >>> "Henrik Skak Pedersen" <> wrote in message
    >>> news:...
    >>>> Hi Dominick,
    >>>>
    >>>> Again, thank you for your reply :)
    >>>>
    >>>> Ok, so FormsAuth is out, the same is WSE because it is not
    >>>> supported on the Compact Framework. All my users are custom users
    >>>> and not Windows accounts, so that leaves me with implementing my
    >>>> own basic auth module. Do you have any examples of how to do that?
    >>>>
    >>>> I guess that is supported on all three platforms?
    >>>>
    >>>> Thanks
    >>>> henrik.
    >>>> "Dominick Baier [DevelopMentor]"
    >>>> <> wrote in message
    >>>> news:...
    >>>>> Hi Henrik,
    >>>>> FormsAuth relies on cookies - this is very unnatural for web
    >>>>> services -
    >>>>> you would have to create a login method, the client needs a cookie
    >>>>> container (bit of a problem for asp.net) etc...
    >>>>> Well - you could use WSE3 username tokens with SSL or basic
    >>>>> authentication with SSL (which are both very similar)
    >>>>> basic auth would be against windows accounts only unless you
    >>>>> implement
    >>>>> your own basic auth module that authenticates against a custom
    >>>>> user
    >>>>> store.
    >>>>> WSE3 has the concept of UsernameTokenManagers where you can
    >>>>> implement
    >>>>> custom authentication but has to be installed on every client
    >>>>> HTH
    >>>>> ---------------------------------------
    >>>>> Dominick Baier - DevelopMentor
    >>>>> http://www.leastprivilege.com
    >>>>>> Hi,
    >>>>>>
    >>>>>> Is it possible to use ASP.NET Forms Authentication in Web
    >>>>>> Services? or should I use WSE 3.0 UserNameTokens?
    >>>>>>
    >>>>>> I have to call the web service from a Web App, a Windows App and
    >>>>>> a SmartPhone app.
    >>>>>>
    >>>>>> Thanks
    >>>>>>
    >>>>>> Henrik Skak Pedersen
    >>>>>>
    Dominick Baier [DevelopMentor], Apr 21, 2006
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Brett Porter
    Replies:
    2
    Views:
    742
    Andrea D'Onofrio [MSFT]
    Jan 20, 2004
  2. Eric
    Replies:
    2
    Views:
    1,389
    Tommy
    Feb 13, 2004
  3. Ryan
    Replies:
    8
    Views:
    1,610
    Mr. Arnold
    Feb 4, 2010
  4. Eric
    Replies:
    2
    Views:
    463
  5. Ryan
    Replies:
    0
    Views:
    794
Loading...

Share This Page