«

I've never used the web service session or cookie information and really
need help.

I'm trying to only allow certain users access to certain web methods. I
have a database of users but prefer not to hit the database with every web
call as well as pass the user/password information with each call. I have
tons of ideas from sessions and cookies to who knows what, but I'm hoping
for someone more experienced to put me down the right path. Should I try to
have the same session, pass back a cookie, and implement a proxy class for
the CookieContainer, etc.? This is the only thing I've seen that looks
viable from a windows app.

Thank you, thank you, thank you in advance,
Joshua Moore

"Joshua Moore" <> wrote in message
news:_ISdnbCmfKjzGVPeRVn-...
> I've never used the web service session or cookie information and really
> need help.
....
> Should I try to have the same session, pass back a cookie, and implement a
> proxy class for the CookieContainer, etc.? This is the only thing I've
> seen that looks viable from a windows app.
>
> Thank you, thank you, thank you in advance,
> Joshua Moore

Hi Joshua,
you can enable sessions in web service using the attribute
[WebMethod(EnableSession=true)]. On the client side you need to allow
storing cookies since IIS session is saved and stored in a cookie. Enable
cookie support by creating a CookieContainter like this:

MyService myService = new MyService();
myService.CookieContainer =
new System.Net.CookieContainer();

From there on you can use IIS session management like any other ASP.NET
page.

Best,

--
Martin Kulov
http://www.codeattest.com/blogs/martin

MCAD Charter Member
MCSD.NET Early Achiever
MCSD

First, thank you for your response. I've got this far, but I'm not sure how
to pass up the information to the web service that I'm trying to 're-enter'
the same session. Who writes the cookie - the client or server side?
Sorry, I know these are newbie questions.

Thanks,
Joshua Moore


"Martin Kulov" <> wrote in message
news:...
> "Joshua Moore" <> wrote in message
> news:_ISdnbCmfKjzGVPeRVn-...
>> I've never used the web service session or cookie information and really
>> need help.
> ...
>> Should I try to have the same session, pass back a cookie, and implement
>> a proxy class for the CookieContainer, etc.? This is the only thing I've
>> seen that looks viable from a windows app.
>>
>> Thank you, thank you, thank you in advance,
>> Joshua Moore
>
> Hi Joshua,
> you can enable sessions in web service using the attribute
> [WebMethod(EnableSession=true)]. On the client side you need to allow
> storing cookies since IIS session is saved and stored in a cookie. Enable
> cookie support by creating a CookieContainter like this:
>
> MyService myService = new MyService();
> myService.CookieContainer =
> new System.Net.CookieContainer();
>
> From there on you can use IIS session management like any other ASP.NET
> page.
>
> Best,
>
> --
> Martin Kulov
> http://www.codeattest.com/blogs/martin
>
> MCAD Charter Member
> MCSD.NET Early Achiever
> MCSD
>
>

So here's where I'm at so far:

I have a custom set of usernames and passwords that I want to pass
(encrypted) to the web service and have it validate the user before doing
the method or throw an exception. I was hoping to either 1) return a cookie
(if that's the right term) saying you're authorized to use the service for
another 4 hours or 2) realize this is above me and check the database each
time they call sensitive methods to authorize them first. I have no clue
whether to use the user.identity, cookies, use a soapheader class that has
username & password variables, etc. Mostly I just need someone to set me
straight on what I need to use and what to leave alone. The other issue is
if I don't return information on when their session expires, I'll have to
pass up their user/pass each time I call the method, which seems quite
insecure. Should I use cookies? I just need to send an encrypted
username/password with specific methods or know that they are authenticated,
and if they haven't passed their 4 hour limit connection, let them do what
they requested. If someone could please just do some commenting like:

// create a web service instance
TestService.JoshTestService service = new TestService.JoshTestService();

// create a cookiecontainer on the web service
service.CookieContainer = new CookieContainer();

// make a call to a web method off the web service to login, passing in an
encrypted soap header

// from the web service, check to see if they're authenticated already or if
authenticated and the timeout is up

etc etc etc.

I realize this is asking a lot, but I've been spinning my wheels and can't
sleep.

Thanks,
Joshua Moore