Hi Alex,
From your description, you're developing an ASP.NET webservice(ASMX)
application, and wondering how to secuire the webservice application such
as provide user logon authentication, correct?
Based on my experience, for ASP.NET webservice, you have the following
options for apply user logon authentication:
** Since ASP.NET web application are hosted in IIS server, therefore, you
can using windows authentication which rely on the IIS's integrated windows
authentication. IIS will do the authentication for client request and then
forward the authenticated user info to ASP.NET application(your ASP.NET
application also set to "Windows" authentication so as to associate it
with each request Httpcontext).
** If you do not want to use windows authentication, maybe the client is
not quite rely on windows platform or .NET client. You can consider some
standard authentication methods(such as HTTP basic authentication), this
also rely on the IIS server to help authenticate the request.
Otherwise, you can also use custom authentication. That means use some
data/property of your webservice SOAP message itself. For example, you can
use custom soap header, for even some method parameter to carry the
security user logon info.
here are some web reference introducing most of the approaches for securing
ASP.NET webservice:
#Securing XML Web Services Created Using ASP.NET
http://msdn.microsoft.com/en-us/library/w67h0dw7(VS.71).aspx
#Security Options for .NET Web Services
http://dotnet.sys-con.com/node/38918
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://support.microsoft.com/select/default.aspx?target=assistance&ln=en-us.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------