Windows app using webservice sessions and cookies

Discussion in 'ASP .Net Web Services' started by Joshua Moore, Jan 18, 2006.

  1. Joshua Moore

    Joshua Moore Guest

    I've never used the web service session or cookie information and really
    need help.

    I'm trying to only allow certain users access to certain web methods. I
    have a database of users but prefer not to hit the database with every web
    call as well as pass the user/password information with each call. I have
    tons of ideas from sessions and cookies to who knows what, but I'm hoping
    for someone more experienced to put me down the right path. Should I try to
    have the same session, pass back a cookie, and implement a proxy class for
    the CookieContainer, etc.? This is the only thing I've seen that looks
    viable from a windows app.

    Thank you, thank you, thank you in advance,
    Joshua Moore
    Joshua Moore, Jan 18, 2006
    #1
    1. Advertising

  2. Joshua Moore

    Martin Kulov Guest

    "Joshua Moore" <> wrote in message
    news:...
    > I've never used the web service session or cookie information and really
    > need help.

    ....
    > Should I try to have the same session, pass back a cookie, and implement a
    > proxy class for the CookieContainer, etc.? This is the only thing I've
    > seen that looks viable from a windows app.
    >
    > Thank you, thank you, thank you in advance,
    > Joshua Moore


    Hi Joshua,
    you can enable sessions in web service using the attribute
    [WebMethod(EnableSession=true)]. On the client side you need to allow
    storing cookies since IIS session is saved and stored in a cookie. Enable
    cookie support by creating a CookieContainter like this:

    MyService myService = new MyService();
    myService.CookieContainer =
    new System.Net.CookieContainer();

    From there on you can use IIS session management like any other ASP.NET
    page.

    Best,

    --
    Martin Kulov
    http://www.codeattest.com/blogs/martin

    MCAD Charter Member
    MCSD.NET Early Achiever
    MCSD
    Martin Kulov, Jan 19, 2006
    #2
    1. Advertising

  3. Joshua Moore

    Joshua Moore Guest

    First, thank you for your response. I've got this far, but I'm not sure how
    to pass up the information to the web service that I'm trying to 're-enter'
    the same session. Who writes the cookie - the client or server side?
    Sorry, I know these are newbie questions.

    Thanks,
    Joshua Moore


    "Martin Kulov" <> wrote in message
    news:...
    > "Joshua Moore" <> wrote in message
    > news:...
    >> I've never used the web service session or cookie information and really
    >> need help.

    > ...
    >> Should I try to have the same session, pass back a cookie, and implement
    >> a proxy class for the CookieContainer, etc.? This is the only thing I've
    >> seen that looks viable from a windows app.
    >>
    >> Thank you, thank you, thank you in advance,
    >> Joshua Moore

    >
    > Hi Joshua,
    > you can enable sessions in web service using the attribute
    > [WebMethod(EnableSession=true)]. On the client side you need to allow
    > storing cookies since IIS session is saved and stored in a cookie. Enable
    > cookie support by creating a CookieContainter like this:
    >
    > MyService myService = new MyService();
    > myService.CookieContainer =
    > new System.Net.CookieContainer();
    >
    > From there on you can use IIS session management like any other ASP.NET
    > page.
    >
    > Best,
    >
    > --
    > Martin Kulov
    > http://www.codeattest.com/blogs/martin
    >
    > MCAD Charter Member
    > MCSD.NET Early Achiever
    > MCSD
    >
    >
    Joshua Moore, Jan 19, 2006
    #3
  4. Joshua Moore

    Joshua Moore Guest

    So here's where I'm at so far:

    I have a custom set of usernames and passwords that I want to pass
    (encrypted) to the web service and have it validate the user before doing
    the method or throw an exception. I was hoping to either 1) return a cookie
    (if that's the right term) saying you're authorized to use the service for
    another 4 hours or 2) realize this is above me and check the database each
    time they call sensitive methods to authorize them first. I have no clue
    whether to use the user.identity, cookies, use a soapheader class that has
    username & password variables, etc. Mostly I just need someone to set me
    straight on what I need to use and what to leave alone. The other issue is
    if I don't return information on when their session expires, I'll have to
    pass up their user/pass each time I call the method, which seems quite
    insecure. Should I use cookies? I just need to send an encrypted
    username/password with specific methods or know that they are authenticated,
    and if they haven't passed their 4 hour limit connection, let them do what
    they requested. If someone could please just do some commenting like:

    // create a web service instance
    TestService.JoshTestService service = new TestService.JoshTestService();

    // create a cookiecontainer on the web service
    service.CookieContainer = new CookieContainer();

    // make a call to a web method off the web service to login, passing in an
    encrypted soap header

    // from the web service, check to see if they're authenticated already or if
    authenticated and the timeout is up

    etc etc etc.

    I realize this is asking a lot, but I've been spinning my wheels and can't
    sleep.

    Thanks,
    Joshua Moore
    Joshua Moore, Jan 19, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ken Cox [Microsoft MVP]

    Re: Relationship between IIS Sessions and ASP.NET Sessions?

    Ken Cox [Microsoft MVP], Aug 8, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    5,343
    Luther Miller
    Aug 8, 2003
  2. Thomas Scheiderich

    Cookies, sessions and timeouts

    Thomas Scheiderich, Jun 23, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    444
    Thomas Scheiderich
    Jun 24, 2004
  3. _Who
    Replies:
    7
    Views:
    2,625
  4. scottymo
    Replies:
    3
    Views:
    674
    Dominick Baier
    Sep 30, 2006
  5. Bookham Measures

    Moving from ASP Sessions to Database Sessions

    Bookham Measures, Jul 23, 2007, in forum: ASP General
    Replies:
    19
    Views:
    542
    Bookham Measures
    Aug 23, 2007
Loading...

Share This Page