Reputation: 2526
How authenticate web methods in a web service?
I'm using Asp.net c# language programming. What is the best way for authenticating web methods in a web service? Is it right having authentication for every web method and verify user name and password for each web method? Is there a way to authenticate just once not for every web method? something like using sessions and etc?
Upvotes: 1
Views: 5246
Answers (2)
Reputation: 7203
You might want to look into this one:
http://weblogs.asp.net/cibrax/archive/2006/03/14/implementing-a-secure-token-service-with-wcf.aspx
Edit
If you are bound to only use asmx for some reason, then I would also suggest looking into WSE from MSFT.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=018A09FD-3A74-43C5-8EC1-8D789091255D
You can pass around a token from your client into the web method. The token is encrypted with public/private keys.
For more info here:
http://msdn.microsoft.com/en-us/library/ms996931.aspx
Upvotes: 2
Reputation: 161773
First of all, you should be using WCF for web service development unless you're stuck at .NET 2.0.
Secondly, you can use Windows authentication or Basic authentication over https, but those restrict you to users who are Windows users. If you have a separate set of users, then you will need to do your own authentication.
You can use SOAP Headers so that you don't need a username and password in every web method.
Upvotes: 0
Related Questions
- .NET web service secure
- How to authenticate a web service in C#
- asp.net web services(.asmx) authorization for particular method
- How to authenticate user while calling a webservice (in ASP.Net)?
- asmx web service: client authentication
- Authenticate a web service
- how to authenticate user in web services
- What is the most efficient/secure way to authenticate a web service in ASP.NET?
- What is the best way to have Authenticate for a Web Service
- How to effectively authenticate the user calling a webservice?