User Authentication

[Alex. O. Koranteng]

I am new to Web Services and would like to write a web services to
authenticate the user logged on. Any suggestions where to start or resources
to read on.

Thanks

Alex

 

[Steven Cheng]

Hi Alex,

From your description, you're developing an ASP.NET webservice(ASMX)
application, and wondering how to secuire the webservice application such
as provide user logon authentication, correct?

Based on my experience, for ASP.NET webservice, you have the following
options for apply user logon authentication:

** Since ASP.NET web application are hosted in IIS server, therefore, you
can using windows authentication which rely on the IIS's integrated windows
authentication. IIS will do the authentication for client request and then
forward the authenticated user info to ASP.NET application(your ASP.NET
application also set to "Windows" authentication so as to associate it
with each request Httpcontext).

** If you do not want to use windows authentication, maybe the client is
not quite rely on windows platform or .NET client. You can consider some
standard authentication methods(such as HTTP basic authentication), this
also rely on the IIS server to help authenticate the request.

Otherwise, you can also use custom authentication. That means use some
data/property of your webservice SOAP message itself. For example, you can
use custom soap header, for even some method parameter to carry the
security user logon info.

here are some web reference introducing most of the approaches for securing
ASP.NET webservice:

#Securing XML Web Services Created Using ASP.NET
http://msdn.microsoft.com/en-us/library/w67h0dw7(VS.71).aspx

#Security Options for .NET Web Services
http://dotnet.sys-con.com/node/38918

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://support.microsoft.com/select/default.aspx?target=assistance&ln=en-us.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------

 

[Alex. O. Koranteng]

Steve,

Thanks for the suggestions. I am using using windows authentication. My
business scenarion will be something like described below:

I have created a simple web service like Hello word. Would like authenticate
the user who is logged on, in this situation Alex-PC\test. If not show
invalid user credentials message.

Thanks

 

[Steven Cheng]

Thanks for your reply Alex,

If you're using windows authenticaiton, most of them have been done by the
IIS and ASP.NET authentication modules and our application just need to do
some configuration work. Have you made it working?

One thing is that if you test if via Visual studio test server, it is
different from IIS that VS test server by default always use NTLM
authentiation and run under the logon user. While deploying in IIS, you
need to configure both IIS virtual directory and ASP.NET web.config to make
sure windows authentication is used.

If you have anything unclear, please feel free to let me know.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

From: =?Utf-8?B?QWxleC4gTy4gS29yYW50ZW5n?= <[email protected]>
References: <[email protected]>

 

[Steven Cheng]

Hi Alex,

Have you got any further progress on this issue or do you still have any
other questions?
If so, please feel free to let me know.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------