Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Web Services > best way implement web service with authentication.

Reply
Thread Tools

best way implement web service with authentication.

 
 
modi
Guest
Posts: n/a
 
      01-24-2007
hi,
We guys have implement a webservice wherein we authenticate the user
by passing the same in soap headers. once is the user is authenticated
we flag the user as authenticated in a session variable. My doubt is,
is it the right way of implementing this. We are using inproc to store
the session. And i know this is not the right way to store the session.


Our requirements are:
1. We want the webservice to be universally consumed by any client(i.e
the client may be written java etc).
2. We dont want our clients to break their heads in configuring the
soap headers, encrypt those and pass it.
2. Best way to authenticate the client.

This question might seem obvious to many....may be i am
ignorant in this issue.
Please help!!
regards
modi

 
Reply With Quote
 
 
 
 
Mark Nelson
Guest
Posts: n/a
 
      01-30-2007
Modi,

Considering your scenario, your design looks fine.
But it's a better idea to encrypt and pass the SOAP headers.

--
Thanks & Regards,
Mark Nelson


"modi" wrote:

> hi,
> We guys have implement a webservice wherein we authenticate the user
> by passing the same in soap headers. once is the user is authenticated
> we flag the user as authenticated in a session variable. My doubt is,
> is it the right way of implementing this. We are using inproc to store
> the session. And i know this is not the right way to store the session.
>
>
> Our requirements are:
> 1. We want the webservice to be universally consumed by any client(i.e
> the client may be written java etc).
> 2. We dont want our clients to break their heads in configuring the
> soap headers, encrypt those and pass it.
> 2. Best way to authenticate the client.
>
> This question might seem obvious to many....may be i am
> ignorant in this issue.
> Please help!!
> regards
> modi
>
>

 
Reply With Quote
 
 
 
 
WishMaster
Guest
Posts: n/a
 
      01-31-2007
On Jan 30, 7:38 pm, Mark Nelson <(E-Mail Removed)>
wrote:
> Modi,
>
> Considering your scenario, your design looks fine.
> But it's a better idea to encrypt and pass the SOAP headers.
>
> --
> Thanks & Regards,
> Mark Nelson
>
> "modi" wrote:
> > hi,
> > We guys have implement a webservice wherein we authenticate the user
> > by passing the same in soap headers. once is the user is authenticated
> > we flag the user as authenticated in a session variable. My doubt is,
> > is it the right way of implementing this. We are using inproc to store
> > the session. And i know this is not the right way to store the session.

>
> > Our requirements are:
> > 1. We want the webservice to be universally consumed by any client(i.e
> > the client may be written java etc).
> > 2. We dont want our clients to break their heads in configuring the
> > soap headers, encrypt those and pass it.
> > 2. Best way to authenticate the client.

>
> > This question might seem obvious to many....may be i am
> > ignorant in this issue.
> > Please help!!
> > regards
> > modi



Hi,

To achieve good security, you have to compromise and to adding the
security in header is pretty standard way to implement and this is why
we have SOAP standards.

and yes, if your service is going to be accessed universally then I
would suggest to consider SSL as well.

Cheers,
Amer

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Best way to implement multiple/editable languages in a web-app? Dag Sunde Java 5 12-17-2006 05:10 AM
InvocationTargetException when calling "new Service()" in Axis web service to call another web service Michael Averstegge Java 0 01-10-2006 11:05 PM
Best Way to Implement Web Services Mohammad Java 1 05-25-2004 05:41 PM
Re: BEST WAY TO implement shopping basket Kevin Spencer ASP .Net 0 08-05-2003 04:23 PM
Re: Best way to implement ASP Session variables Steve C. Orr, MCSD ASP .Net 0 07-16-2003 09:09 PM



Advertisments