microsoft.public.dotnet.framework.aspnet.webservices

Vitaly Filimonov [MSFT]

7/26/2003 12:20:00 AM

Hello,

Forms authentication that you are using on the web site was designed for
interactive applications since it requires someone entering user name
password in the dialog provided. Web service can't use this type of
authentication because it is normally called by the application, not a
person.

Web services can use a variety of authentication other methods including
basic and Windows. Those things need to be set up in IIS (Web Server) and
your web.config will need to have the following setting:

<authentication mode="Windows" />

Next you will need to work on your client. Lets assume you will use Basic
Authentication (user name and password passed as clear text). In this case
you will need to supply user credentials in your call. This user must exist
in Windows user database of the Server (or domain) where your web service is
installed. Here is a little example assuming Service is the name of the web
reference:
---------
Service.Service1 svc = new Service.Service1();

ICredentials credentials = new NetworkCredential("user", "password",
"mydomain");
svc.Credentials = credentials;

Console.WriteLine(svc.HelloWorld());
Console.ReadLine();

---------

This is not a very secure method though since you'd have to store and pass
a password in clear text. Much more sophisticated and secure solution would
be to use WSE (Web Services Extensions) from Microsoft which provides
security enhancements. You should use WSE if you are building a web service
accessible to public. WSE documentation and install can be found on
www.microsoft.com (current version is 1.0 SP1) - just type WSE in the search
box and it should display you search results including download options.

Hope this helps a bit...

--
Vitaly.
-------
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cp....


"Chapman" <chapman@tsl.net.hk> wrote in message
news:0a7a01c351c6$f2d55eb0$a401280a@phx.gbl...
> Hello,
>
> I'm a newbie in Web Services development.
> At present, we have a web site implement in ASP.NET with
> C#. We want to add some web service on the same site.
>
> For security reason, we use Forms authentication mode and
> deny user="?".
>
> It gave System.Net.WebException to me if a web method was
> invoked.
>
> System.Net.WebException: The request failed with the error
> message: -- <html><head><title>Object
> moved</title></head><body> <h2>Object moved to <a
> href='/login.aspx?ReturnUrl=%2fclientpage%2fclient1%
> 2fClientMenu.asmx'>here</a>.</h2> </body></html> --.
>
>
> I have find some article on this issue, but it cannot this
> problem. If I allow any users, it work fine.
> This error occurred when deny user="?".
>
> How can I solve this problem?
> It seem quite difficult issue for me, and I look for a
> helping-hand...
>
> Many Thanks
> Chapman