[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

microsoft.public.dotnet.framework.aspnet.webservices

Using Authentication for a WebService

Erik Porter [.NET MVP]

1/22/2003 3:53:00 AM

Anyone know how I would go about doing this?

I have a WindowsForms application and I have a WebService. Right now the
WebService is wide open and anybody can call the WebMethods and mess with
the DB by doing so. Now I know I can use Authentication just like in
ASP.NET for the WebService, but how do I get my WindowsForms app to send a
UserID and Password across the wire to the WebService so it knows who they
are and can either deny them access or allow them access.

I have no clue where to start. I've looked around, but haven't found
anything on this. Anyone got some tips for me or good links? Thanx a lot!

Erik Porter
Microsoft .NET MVP
1 Answer

Pierre Greborio

1/22/2003 11:56:00 AM

0

You have two main scenario:

- ASP.NET authentication mechanims

- SOAP authentication mechanism

The former is based on IIS and embed the user information on HTTP header.
You have all choices as ASP.NET, then: clear text, Kerberos, NTLM, digest,
etc. For an unsecure transport layer the first one isn't suggested at all
since the username and password are sent in a clear form (baste64) and
anyone in the middle can read and eventually change it.
If your PC is on the same domain of the web service I suggest Kerberos or at
least NTLM (if AD isn't available) in order to send the credentials in a
very secure way. In either cases to send the credentials you have to assign
the Credentials property. If you want to get the current logged user
credentials you can get them with CredentialCache.DefaultCredentials,
otherwise you have to use NetworkCredentials.
On the server side you can get the request credentials from User property of
you web service class.

The SOAP authentication mechanism is protocol (HTTP) intependent and the
credentials are embedded into the SOAP envelope. For any reference see
http://msdn.microsoft.com/webservices/default.aspx?pull=/library/e...
srv/html/progwse.asp

Pierre

--
-----------------------------------------------------------
Pierre Greborio
http://www.ugi...
-----------------------------------------------------------
"Erik Porter [.NET MVP]" <erikporter@mvps.org> wrote in message
news:uPEUOFcwCHA.640@TK2MSFTNGP12...
> Anyone know how I would go about doing this?
>
> I have a WindowsForms application and I have a WebService. Right now the
> WebService is wide open and anybody can call the WebMethods and mess with
> the DB by doing so. Now I know I can use Authentication just like in
> ASP.NET for the WebService, but how do I get my WindowsForms app to send a
> UserID and Password across the wire to the WebService so it knows who they
> are and can either deny them access or allow them access.
>
> I have no clue where to start. I've looked around, but haven't found
> anything on this. Anyone got some tips for me or good links? Thanx a
lot!
>
> Erik Porter
> Microsoft .NET MVP
>
>