Best practice with authentication and web service

I want to develop an internet-based application, using web services as
the back end and a smart-client application, running on a PDA, as the
front end. I know how to implement forms-based authentication for ASP.NET
applications, but I'm wondering how to implement the security in this
web-service based application.

The issue is that the web service should be accessed only by known users,
using a username and password. I know I can pass user / pass parameters
to every method (besides the parameters the method requires), but it
doesn't seem the best approach: first, because user / pass would have to be
carried over in every call, and second, because the web service would have to
authenticate at every call, slowing things down.

I'm wondering if it is possible to use a sort of authentication (based on
forms authentication) for web services. What I'm thinking of is for the web
app (which will actually contain ONLY web services) to contain a web
service page used for authentication (that service and its method
should be called the very first time the client starts to access the web services),
and then to be able to call other web services (located in other ASPX pages
under the same virtual folder), which should only perform IF the
authentication service (the one invoked by the "login" page - forms
authentication page) successfully authenticated the client.

If this is not possible, can anyone give me some better suggestions on
how to authenticate clients? And possibly some links to some useful
resources regarding authentication and web services?
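
One way to realize the login-once design asked about above, as an added example that is not part of the original post: a login method checks the password once and returns a signed, expiring ticket, and every other web method validates that ticket instead of re-checking credentials. It assumes .NET 6 or later and calls made over HTTPS; `ServiceTicket`, `Issue` and `Validate` are hypothetical names, and the key and user name are constructed for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class ServiceTicket
{
    // Assumption: in production this secret comes from protected server configuration.
    private static readonly byte[] Key = RandomNumberGenerator.GetBytes(32);

    // Called once by the (hypothetical) login method after the password check succeeds.
    public static string Issue(string user, TimeSpan lifetime, DateTimeOffset now)
    {
        long expires = now.Add(lifetime).ToUnixTimeSeconds();
        string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(user)) + "." + expires;
        return payload + "." + Sign(payload);
    }

    // Called at the top of every other web method; returns the user name, or null to reject.
    public static string? Validate(string? ticket, DateTimeOffset now)
    {
        if (string.IsNullOrEmpty(ticket)) return null;
        string[] parts = ticket.Split('.');
        if (parts.Length != 3) return null;
        string payload = parts[0] + "." + parts[1];
        // Check the MAC first, in constant time, before trusting any field.
        byte[] expected = Encoding.ASCII.GetBytes(Sign(payload));
        byte[] actual = Encoding.ASCII.GetBytes(parts[2]);
        if (!CryptographicOperations.FixedTimeEquals(expected, actual)) return null;
        if (!long.TryParse(parts[1], out long expires)) return null;
        if (now.ToUnixTimeSeconds() >= expires) return null;   // ticket has expired
        return Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
    }

    private static string Sign(string payload)
    {
        using var hmac = new HMACSHA256(Key);
        return Convert.ToHexString(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }

    public static void Main()
    {
        var now = DateTimeOffset.UtcNow;
        string ticket = Issue("alice", TimeSpan.FromMinutes(20), now); // constructed user
        Console.WriteLine(Validate(ticket, now) ?? "rejected");             // fresh ticket
        Console.WriteLine(Validate(ticket + "0", now) ?? "rejected");       // tampered MAC
        Console.WriteLine(Validate(ticket, now.AddHours(1)) ?? "rejected"); // past expiry
    }
}
```

The per-call cost is one HMAC computation rather than a credential lookup, and the password itself travels only in the login call.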