using a web service securely

[Tim Zych]

I am adding a web service to an asp.net solution. Currently, I use forms
authentication to login to the solution (no web service yet). How can I use
a web service that is protected from everyone but those who have login
access? A brief read on google has said that forms authentication is not
really appropriate for a web service. Does this mean I must scrap forms
authentication if I want to add a web service?

I know I can read up on this (which I will), but is there some bare bones
way to do this that will provide some simple level of security? Any pointers
would be helpful.

Thanks.

 

[Lucas Tam]

How can I use a web service that is protected from everyone but those
who have login access? A brief read on google has said that forms
authentication is not really appropriate for a web service. Does this
mean I must scrap forms authentication if I want to add a web service?

A webservice works different than a web application, hence forms
authentication does not work for web services.

Easiest method to accomplish what you want would be to pass the
username/password to the web service on each request. If you use this
method, make sure you use SSL encryption so that the usernames/password
can't be read.

Otherwise take a look at Microsoft's Web Service Enhancements v2.0... there
are a lot of security features in the add-on.