Web Services and Forms Authentication Question

C

Chapman

Hello,

I'm a newbie in Web Services development.
At present, we have a web site implement in ASP.NET with
C#. We want to add some web service on the same site.

For security reason, we use Forms authentication mode and
deny user="?".

It gave System.Net.WebException to me if a web method was
invoked.

System.Net.WebException: The request failed with the error
message: -- <html><head><title>Object
moved</title></head><body> <h2>Object moved to <a
href='/login.aspx?ReturnUrl=%2fclientpage%2fclient1%
2fClientMenu.asmx'>here</a>.</h2> </body></html> --.


I have find some article on this issue, but it cannot this
problem. If I allow any users, it work fine.
This error occurred when deny user="?".

How can I solve this problem?
It seem quite difficult issue for me, and I look for a
helping-hand...

Many Thanks
Chapman
 
V

Vitaly Filimonov [MSFT]

Hello,

Forms authentication that you are using on the web site was designed for
interactive applications since it requires someone entering user name
password in the dialog provided. Web service can't use this type of
authentication because it is normally called by the application, not a
person.

Web services can use a variety of authentication other methods including
basic and Windows. Those things need to be set up in IIS (Web Server) and
your web.config will need to have the following setting:

<authentication mode="Windows" />

Next you will need to work on your client. Lets assume you will use Basic
Authentication (user name and password passed as clear text). In this case
you will need to supply user credentials in your call. This user must exist
in Windows user database of the Server (or domain) where your web service is
installed. Here is a little example assuming Service is the name of the web
reference:
---------
Service.Service1 svc = new Service.Service1();

ICredentials credentials = new NetworkCredential("user", "password",
"mydomain");
svc.Credentials = credentials;

Console.WriteLine(svc.HelloWorld());
Console.ReadLine();

---------

This is not a very secure method though since you'd have to store and pass
a password in clear text. Much more sophisticated and secure solution would
be to use WSE (Web Services Extensions) from Microsoft which provides
security enhancements. You should use WSE if you are building a web service
accessible to public. WSE documentation and install can be found on
www.microsoft.com (current version is 1.0 SP1) - just type WSE in the search
box and it should display you search results including download options.

Hope this helps a bit...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top