Reputation: 981
UserName Authentication web services
I need to implement UserName authentication for my web service.
Currently I am considering these two approaches
- SOAPHeader: http://www.codeproject.com/KB/cpp/authforwebservices.aspx
- UserNameToken: WSE 3.0: http://msdn.microsoft.com/en-us/library/aa480575.aspx
Can anyone tell me pros-cons of these approaches?
One of the major doubt is regarding client being able to consume the service. Client is using Java, would it be possible for them to pass UserNameToken implemented using WSE or are there any integration issues?
EDIT: Also please suggest if there are any better ways (ASMX Services) to implement UserName/Password authentication.
Upvotes: 2
Views: 4961
Answers (2)
Reputation: 5753
I would like to warn you against using WSE 3.0. Unless you are involved in a large enterprise federated system, stay well clear. It's way too much, overly complicated and we are still trying to rid it from one of our major systems.
If you just need to use username authentication then use the soap header approach.
MSDN Link: Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication
Upvotes: 2
Related Questions
- .NET web service secure
- How to authenticate user while calling a webservice (in ASP.Net)?
- User authentication to database using .NET web service
- Asp.net forms authenticated webservice
- asp.net webservices authentication/authorization
- how to authenticate user in web services
- Basic authentication for the web service
- web service security in asp.net
- what authentication should I use for my web service in this case?
- How to effectively authenticate the user calling a webservice?