Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net Security (http://www.velocityreviews.com/forums/f62-asp-net-security.html)
-   -   Web Service and ASP.NET Forms Authentication (http://www.velocityreviews.com/forums/t768511-web-service-and-asp-net-forms-authentication.html)

Henrik Skak Pedersen 04-18-2006 04:49 PM

Web Service and ASP.NET Forms Authentication
 
Hi,

Is it possible to use ASP.NET Forms Authentication in Web Services? or
should I use WSE 3.0 UserNameTokens?

I have to call the web service from a Web App, a Windows App and a
SmartPhone app.

Thanks

Henrik Skak Pedersen



Dominick Baier [DevelopMentor] 04-18-2006 07:20 PM

Re: Web Service and ASP.NET Forms Authentication
 
Hi Henrik,

FormsAuth relies on cookies - this is very unnatural for web services - you
would have to create a login method, the client needs a cookie container
(bit of a problem for asp.net) etc...

Well - you could use WSE3 username tokens with SSL or basic authentication
with SSL (which are both very similar)

basic auth would be against windows accounts only unless you implement your
own basic auth module that authenticates against a custom user store.
WSE3 has the concept of UsernameTokenManagers where you can implement custom
authentication but has to be installed on every client

HTH

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hi,
>
> Is it possible to use ASP.NET Forms Authentication in Web Services?
> or should I use WSE 3.0 UserNameTokens?
>
> I have to call the web service from a Web App, a Windows App and a
> SmartPhone app.
>
> Thanks
>
> Henrik Skak Pedersen
>




Henrik Skak Pedersen 04-18-2006 07:58 PM

Re: Web Service and ASP.NET Forms Authentication
 
Hi Dominick,

Again, thank you for your reply :-)

Ok, so FormsAuth is out, the same is WSE because it is not supported on the
Compact Framework. All my users are custom users and not Windows accounts,
so that leaves me with implementing my own basic auth module. Do you have
any examples of how to do that?

I guess that is supported on all three platforms?

Thanks
henrik.

"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
wrote in message news:4580be63199f8f8c83144fc7b09d5@news.microsoft. com...
> Hi Henrik,
> FormsAuth relies on cookies - this is very unnatural for web services -
> you would have to create a login method, the client needs a cookie
> container (bit of a problem for asp.net) etc...
>
> Well - you could use WSE3 username tokens with SSL or basic authentication
> with SSL (which are both very similar)
>
> basic auth would be against windows accounts only unless you implement
> your own basic auth module that authenticates against a custom user store.
> WSE3 has the concept of UsernameTokenManagers where you can implement
> custom authentication but has to be installed on every client
>
> HTH
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> Hi,
>>
>> Is it possible to use ASP.NET Forms Authentication in Web Services?
>> or should I use WSE 3.0 UserNameTokens?
>>
>> I have to call the web service from a Web App, a Windows App and a
>> SmartPhone app.
>>
>> Thanks
>>
>> Henrik Skak Pedersen
>>

>
>




Henrik Skak Pedersen 04-18-2006 08:15 PM

Re: Web Service and ASP.NET Forms Authentication
 
Hi Dominick,

I just got a link in a reply from the Compact Framework forum, which is a
discussion similar to mine:
http://forums.microsoft.com/MSDN/Sho...25044&SiteID=1

I think that I will go for this solution:
http://www.code-magazine.com/article...printmode=true

Again thank you for your reply.

Cheers Henrik
"Henrik Skak Pedersen" <skak@community.nospam> wrote in message
news:uLqdtJyYGHA.2136@TK2MSFTNGP05.phx.gbl...
> Hi Dominick,
>
> Again, thank you for your reply :-)
>
> Ok, so FormsAuth is out, the same is WSE because it is not supported on
> the Compact Framework. All my users are custom users and not Windows
> accounts, so that leaves me with implementing my own basic auth module. Do
> you have any examples of how to do that?
>
> I guess that is supported on all three platforms?
>
> Thanks
> henrik.
>
> "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
> wrote in message news:4580be63199f8f8c83144fc7b09d5@news.microsoft. com...
>> Hi Henrik,
>> FormsAuth relies on cookies - this is very unnatural for web services -
>> you would have to create a login method, the client needs a cookie
>> container (bit of a problem for asp.net) etc...
>>
>> Well - you could use WSE3 username tokens with SSL or basic
>> authentication with SSL (which are both very similar)
>>
>> basic auth would be against windows accounts only unless you implement
>> your own basic auth module that authenticates against a custom user
>> store.
>> WSE3 has the concept of UsernameTokenManagers where you can implement
>> custom authentication but has to be installed on every client
>>
>> HTH
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>
>>> Hi,
>>>
>>> Is it possible to use ASP.NET Forms Authentication in Web Services?
>>> or should I use WSE 3.0 UserNameTokens?
>>>
>>> I have to call the web service from a Web App, a Windows App and a
>>> SmartPhone app.
>>>
>>> Thanks
>>>
>>> Henrik Skak Pedersen
>>>

>>
>>

>
>




Dominick Baier [DevelopMentor] 04-19-2006 07:45 AM

Re: Web Service and ASP.NET Forms Authentication
 
for which solution??

I personally would go for basic auth over SSL with a custom basic auth module
in ASP.NET - i can help you implement that...

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hi Dominick,
>
> I just got a link in a reply from the Compact Framework forum, which
> is a discussion similar to mine:
> http://forums.microsoft.com/MSDN/Sho...25044&SiteID=1
>
> I think that I will go for this solution:
> http://www.code-magazine.com/article...307071&printmo
> de=true
> Again thank you for your reply.
>
> Cheers Henrik
> "Henrik Skak Pedersen" <skak@community.nospam> wrote in message
> news:uLqdtJyYGHA.2136@TK2MSFTNGP05.phx.gbl...
>> Hi Dominick,
>>
>> Again, thank you for your reply :-)
>>
>> Ok, so FormsAuth is out, the same is WSE because it is not supported
>> on the Compact Framework. All my users are custom users and not
>> Windows accounts, so that leaves me with implementing my own basic
>> auth module. Do you have any examples of how to do that?
>>
>> I guess that is supported on all three platforms?
>>
>> Thanks
>> henrik.
>> "Dominick Baier [DevelopMentor]"
>> <dbaier@pleasepleasenospamdevelop.com> wrote in message
>> news:4580be63199f8f8c83144fc7b09d5@news.microsoft. com...
>>
>>> Hi Henrik,
>>> FormsAuth relies on cookies - this is very unnatural for web
>>> services -
>>> you would have to create a login method, the client needs a cookie
>>> container (bit of a problem for asp.net) etc...
>>> Well - you could use WSE3 username tokens with SSL or basic
>>> authentication with SSL (which are both very similar)
>>>
>>> basic auth would be against windows accounts only unless you
>>> implement
>>> your own basic auth module that authenticates against a custom user
>>> store.
>>> WSE3 has the concept of UsernameTokenManagers where you can
>>> implement
>>> custom authentication but has to be installed on every client
>>> HTH
>>>
>>> ---------------------------------------
>>> Dominick Baier - DevelopMentor
>>> http://www.leastprivilege.com
>>>> Hi,
>>>>
>>>> Is it possible to use ASP.NET Forms Authentication in Web Services?
>>>> or should I use WSE 3.0 UserNameTokens?
>>>>
>>>> I have to call the web service from a Web App, a Windows App and a
>>>> SmartPhone app.
>>>>
>>>> Thanks
>>>>
>>>> Henrik Skak Pedersen
>>>>




Henrik Skak Pedersen 04-19-2006 07:08 PM

Re: Web Service and ASP.NET Forms Authentication
 
I was thinking of implementing a solution like the guy in this example:
http://www.code-magazine.com/article...printmode=true

he is creating a custom SOAP header containing a user name and a password.
Try to take a look at the SecureCalculator class.

But I you think that your idea is better I would really appreciate your
help.

Cheers
Henrik.

"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
wrote in message news:4580be6319a0268c831ad25b249fa@news.microsoft. com...
> for which solution??
>
> I personally would go for basic auth over SSL with a custom basic auth
> module in ASP.NET - i can help you implement that...
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> Hi Dominick,
>>
>> I just got a link in a reply from the Compact Framework forum, which
>> is a discussion similar to mine:
>> http://forums.microsoft.com/MSDN/Sho...25044&SiteID=1
>>
>> I think that I will go for this solution:
>> http://www.code-magazine.com/article...307071&printmo
>> de=true
>> Again thank you for your reply.
>>
>> Cheers Henrik
>> "Henrik Skak Pedersen" <skak@community.nospam> wrote in message
>> news:uLqdtJyYGHA.2136@TK2MSFTNGP05.phx.gbl...
>>> Hi Dominick,
>>>
>>> Again, thank you for your reply :-)
>>>
>>> Ok, so FormsAuth is out, the same is WSE because it is not supported
>>> on the Compact Framework. All my users are custom users and not
>>> Windows accounts, so that leaves me with implementing my own basic
>>> auth module. Do you have any examples of how to do that?
>>>
>>> I guess that is supported on all three platforms?
>>>
>>> Thanks
>>> henrik.
>>> "Dominick Baier [DevelopMentor]"
>>> <dbaier@pleasepleasenospamdevelop.com> wrote in message
>>> news:4580be63199f8f8c83144fc7b09d5@news.microsoft. com...
>>>
>>>> Hi Henrik,
>>>> FormsAuth relies on cookies - this is very unnatural for web
>>>> services -
>>>> you would have to create a login method, the client needs a cookie
>>>> container (bit of a problem for asp.net) etc...
>>>> Well - you could use WSE3 username tokens with SSL or basic
>>>> authentication with SSL (which are both very similar)
>>>>
>>>> basic auth would be against windows accounts only unless you
>>>> implement
>>>> your own basic auth module that authenticates against a custom user
>>>> store.
>>>> WSE3 has the concept of UsernameTokenManagers where you can
>>>> implement
>>>> custom authentication but has to be installed on every client
>>>> HTH
>>>>
>>>> ---------------------------------------
>>>> Dominick Baier - DevelopMentor
>>>> http://www.leastprivilege.com
>>>>> Hi,
>>>>>
>>>>> Is it possible to use ASP.NET Forms Authentication in Web Services?
>>>>> or should I use WSE 3.0 UserNameTokens?
>>>>>
>>>>> I have to call the web service from a Web App, a Windows App and a
>>>>> SmartPhone app.
>>>>>
>>>>> Thanks
>>>>>
>>>>> Henrik Skak Pedersen
>>>>>

>
>




Dominick Baier [DevelopMentor] 04-21-2006 02:24 PM

Re: Web Service and ASP.NET Forms Authentication
 
mail me...

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> I was thinking of implementing a solution like the guy in this
> example:
> http://www.code-magazine.com/article...307071&printmo
> de=true
>
> he is creating a custom SOAP header containing a user name and a
> password. Try to take a look at the SecureCalculator class.
>
> But I you think that your idea is better I would really appreciate
> your help.
>
> Cheers
> Henrik.
> "Dominick Baier [DevelopMentor]"
> <dbaier@pleasepleasenospamdevelop.com> wrote in message
> news:4580be6319a0268c831ad25b249fa@news.microsoft. com...
>
>> for which solution??
>>
>> I personally would go for basic auth over SSL with a custom basic
>> auth module in ASP.NET - i can help you implement that...
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>> Hi Dominick,
>>>
>>> I just got a link in a reply from the Compact Framework forum, which
>>> is a discussion similar to mine:
>>> http://forums.microsoft.com/MSDN/Sho...325044&SiteID=
>>> 1
>>>
>>> I think that I will go for this solution:
>>> http://www.code-magazine.com/article...=0307071&print
>>> mo
>>> de=true
>>> Again thank you for your reply.
>>> Cheers Henrik
>>> "Henrik Skak Pedersen" <skak@community.nospam> wrote in message
>>> news:uLqdtJyYGHA.2136@TK2MSFTNGP05.phx.gbl...
>>>> Hi Dominick,
>>>>
>>>> Again, thank you for your reply :-)
>>>>
>>>> Ok, so FormsAuth is out, the same is WSE because it is not
>>>> supported on the Compact Framework. All my users are custom users
>>>> and not Windows accounts, so that leaves me with implementing my
>>>> own basic auth module. Do you have any examples of how to do that?
>>>>
>>>> I guess that is supported on all three platforms?
>>>>
>>>> Thanks
>>>> henrik.
>>>> "Dominick Baier [DevelopMentor]"
>>>> <dbaier@pleasepleasenospamdevelop.com> wrote in message
>>>> news:4580be63199f8f8c83144fc7b09d5@news.microsoft. com...
>>>>> Hi Henrik,
>>>>> FormsAuth relies on cookies - this is very unnatural for web
>>>>> services -
>>>>> you would have to create a login method, the client needs a cookie
>>>>> container (bit of a problem for asp.net) etc...
>>>>> Well - you could use WSE3 username tokens with SSL or basic
>>>>> authentication with SSL (which are both very similar)
>>>>> basic auth would be against windows accounts only unless you
>>>>> implement
>>>>> your own basic auth module that authenticates against a custom
>>>>> user
>>>>> store.
>>>>> WSE3 has the concept of UsernameTokenManagers where you can
>>>>> implement
>>>>> custom authentication but has to be installed on every client
>>>>> HTH
>>>>> ---------------------------------------
>>>>> Dominick Baier - DevelopMentor
>>>>> http://www.leastprivilege.com
>>>>>> Hi,
>>>>>>
>>>>>> Is it possible to use ASP.NET Forms Authentication in Web
>>>>>> Services? or should I use WSE 3.0 UserNameTokens?
>>>>>>
>>>>>> I have to call the web service from a Web App, a Windows App and
>>>>>> a SmartPhone app.
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> Henrik Skak Pedersen
>>>>>>





All times are GMT. The time now is 01:10 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.