XML Webservice authentication

  • Thread starter Dominick Baier [DevelopMentor]
  • Start date
S

serge calderara

Hi,

I would say that it depends what you are planning to do a and who is goinf
to acess your web service and from where.

In other words do you planned to published your web service or does your web
service is part of your asp application.

The most secure would be to use security feature of IIS and use Windows
Authentication. Cookies are not secure and are mainly used to retain user
information except sensitive data.

If you want to provide FromAuthentication then you could keep in cookies a
unique GUI corresponding to the user and then refer to that GUI from a
database where you will extract information.

hope it helps
regards
serge
 
G

GMG

Is it possible to use FormAuthentication or do I have to manage my own
cookies and if so a sample/URL would be greatly appreciated.
 
G

GMG

ok, the purpose of this xml webservice is to only return simple XML (not
SOAP). It will serve the XML over the Internet to a third party application
which will make the requests, but will need to be authenticated via a
cookie. How can I achieve this in my Web Service ?
 
J

Josh Twist

One of the key features FormsAuthentication offers is automatic
redirect for non-logged in users to a login page. As I'm sure you'll
appreciate this makes no sense in the context of a web service.

Most web services don't use cookies in this way, they simply request
the username/password with each request. You can even use WSE
(http://msdn.microsoft.com/webservices/building/wse/) to help you do
this in an industry standard way (WS-Security standard).

If you have any questions about any of this - just shout!

Josh
http://www.thejoyofcode.com/
 
D

Dominick Baier [DevelopMentor]

Hi,

what do you mean with "but will need to be authenticated via a cookie" ??
 
D

Dominick Baier [DevelopMentor]

aha -

so you have a web application which already does authentication using forms
and on some pages you call a webservice..?


---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
The client will be Internet Explorer HTML pages using XML Data Island
technology, the only solution I can see is to use cookies, but I am
new to Web Services so may be there is a better techonology I can use.

Hi,

what do you mean with "but will need to be authenticated via a
cookie" ??

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
ok, the purpose of this xml webservice is to only return simple XML
(not SOAP). It will serve the XML over the Internet to a third party
application which will make the requests, but will need to be
authenticated via a cookie. How can I achieve this in my Web Service
?

"Dominick Baier [DevelopMentor]"

Hi,

formsauth is not supported - i wouldn't recommend using cookies -
the "web service way" would be to use a SOAP header. Thats
basically what

WS-Security

specifies. Have a look at WSE3 here:

http://msdn.microsoft.com/webservices/

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Is it possible to use FormAuthentication or do I have to manage my
own cookies and if so a sample/URL would be greatly appreciated.
 
D

Dominick Baier [DevelopMentor]

if i am right with this assumption - you can use formsauth - just use the
authorization element -

you have to make sure that the data island xml call sends the formsauth cookie
- i am not sure if this happens by default/how it works.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
aha -

so you have a web application which already does authentication using
forms and on some pages you call a webservice..?

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
The client will be Internet Explorer HTML pages using XML Data Island
technology, the only solution I can see is to use cookies, but I am
new to Web Services so may be there is a better techonology I can
use.

Hi,

what do you mean with "but will need to be authenticated via a
cookie" ??

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
ok, the purpose of this xml webservice is to only return simple XML
(not SOAP). It will serve the XML over the Internet to a third
party application which will make the requests, but will need to be
authenticated via a cookie. How can I achieve this in my Web
Service ?

"Dominick Baier [DevelopMentor]"

Hi,

formsauth is not supported - i wouldn't recommend using cookies -
the "web service way" would be to use a SOAP header. Thats
basically what

WS-Security

specifies. Have a look at WSE3 here:

http://msdn.microsoft.com/webservices/

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Is it possible to use FormAuthentication or do I have to manage
my own cookies and if so a sample/URL would be greatly
appreciated.
 
G

GMG

The client will be Internet Explorer HTML pages using XML Data Island
technology, the only solution I can see is to use cookies, but I am new to
Web Services so may be there is a better techonology I can use.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,731
Messages
2,569,432
Members
44,834
Latest member
BuyCannaLabsCBD

Latest Threads

Top