ASP.NET authentication for single-user site

Question

I created site-gallery. I use ajax requests from client side to server's webservices like this:

var executeService = function(params, url, callbackSuccess, callbackError, isCache) {
    $.ajax({
            type: "POST",
            url: url,
            contentType: "application/json; charset=utf-8",
            dataType: "json",
            data: params,
            success: callbackSuccess,
            error: callbackError,
            cache: isCache
        });
};

and this:

[WebMethod]
public string GetImagesByCategory()
{
    var imageList = new List<JSONGallery>();
    //...
    return imageList.ToJSON();
}

I want to develop administrative page. On this page I want to manage the site's content. Only one user will have access to this page and to administrative web-service's methods (adding, deleting and etc). Which type of authentication will be preferred for me?

I would use Forms authentication, but how can I control access to the web-service?

Thanks.

Answer 1

You could use just form authentication for both if you restricted access to authenticated users only (and the services are on the same site obviously). You can set this in the web.config with:

<authentication mode="Forms">
  <forms loginUrl="~/login.aspx" protection="All" timeout="2880" />
</authentication>
<authorization>
  <deny users="?" />
</authorization>

That way only users who have logged in will have permission to run the service.

If you have other pages/directories that you want to make accessible you can add an authorization rule to allow open access to these element, such as CSS files or images.

<location path="assets">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>

Answer 2

You can use form authentication for admin web pages and Basic Authentication for web services, you can enable basic authentication on webservices by IIS.