Reputation: 473
Are there any good examples out there of how the following web service would work? I would like a Windows/web client to be able to access a web service, but the client should pass a username, password, and IP address and the web service should be able to determine if it is on the list of allowed users or not before taking the request.
Thanks in advance!
Upvotes: 0
Views: 539
Reputation: 1063944
With WCF, you can do this by using TransportWithMessageCredential security (over SSL) and providing your own password validator. At this point, however, you don't (I'm told) have access to the client IP; for that you'd need to check the IP in your method itself - you can do this using RemoteEndpointMessageProperty, like so.
If you don't want to go down the TransportWithMessageCredential route, then it is also valid (but ungainly) to pass the username and password as arguments to the method (as long as the transport is secure).
Upvotes: 1
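A sketch of the approach in the answer above, added as an example and not part of the original post: a custom password validator for TransportWithMessageCredential, with the client IP checked inside the operation through RemoteEndpointMessageProperty. The AllowList store, the IOrders/Orders service and the sample user, password and IP are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;   // UserNamePasswordValidator
using System.IdentityModel.Tokens;      // SecurityTokenException
using System.Linq;
using System.Security.Cryptography;
using System.ServiceModel;
using System.ServiceModel.Channels;     // RemoteEndpointMessageProperty

public static class AllowList   // hypothetical store; the single entry is constructed sample data
{
    static readonly byte[] Salt = { 1, 2, 3, 4, 5, 6, 7, 8 };   // sample only; use a random per-user salt
    public static byte[] Hash(string pw) { using (var k = new Rfc2898DeriveBytes(pw, Salt, 100000)) return k.GetBytes(32); }
    public static readonly Dictionary<string, Tuple<byte[], string[]>> Users =
        new Dictionary<string, Tuple<byte[], string[]>>(StringComparer.OrdinalIgnoreCase)
        { { "alice", Tuple.Create(Hash("sample-password"), new[] { "192.0.2.10" }) } };
}

public class AllowListValidator : UserNamePasswordValidator   // WCF calls this before any operation runs
{
    public override void Validate(string userName, string password)
    {
        Tuple<byte[], string[]> entry;
        if (userName == null || password == null || !AllowList.Users.TryGetValue(userName, out entry))
            throw new SecurityTokenException("Unknown user name or bad password.");
        byte[] given = AllowList.Hash(password);
        int diff = 0;                                   // compare every byte, no early exit
        for (int i = 0; i < given.Length; i++) diff |= given[i] ^ entry.Item1[i];
        if (diff != 0) throw new SecurityTokenException("Unknown user name or bad password.");
    }
}

[ServiceContract]
public interface IOrders { [OperationContract] string Ping(); }

public class Orders : IOrders
{
    public string Ping()
    {
        // The identity is only populated once Validate has succeeded.
        string user = ServiceSecurityContext.Current.PrimaryIdentity.Name;
        // Address is the direct TCP peer; behind a proxy or load balancer it is the proxy's IP.
        var remote = (RemoteEndpointMessageProperty)
            OperationContext.Current.IncomingMessageProperties[RemoteEndpointMessageProperty.Name];
        Tuple<byte[], string[]> entry;
        if (!AllowList.Users.TryGetValue(user, out entry) || !entry.Item2.Contains(remote.Address))
            throw new FaultException("Access denied.");
        return "ok";
    }
}
```

To wire the validator in, set userNamePasswordValidationMode="Custom" and customUserNamePasswordValidatorType on the userNameAuthentication element under serviceCredentials, and use a binding with security mode TransportWithMessageCredential and message clientCredentialType UserName.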
Reputation: 115538
Well, you can set the web service to use NT authentication, which will get a token representing the username and password. The allowed users will be defined by the NT security. As far as the IP address goes, that will be passed in the HTTP headers by default.
Upvotes: 0
Reputation: 7248
We have a WebService Login method that verifies supplied credentials. A ticket value is returned if the user is validated.
This ticket is then used as a SoapHeader when using every other WebMethod. http://msdn.microsoft.com/en-us/library/system.web.services.protocols.soapheader.aspx
Upvotes: 1