Web Services Authentication & Session Management

Toby Riley · Oct 23, 2003

Need some advice,

I have a GUI client and a web service that performs various functions. I
would be like to be able to log in a user once and create an authentication
ticket for that session.

Then every web method called would check the session has been authenticated
and the ticket is still valid otherwise you would get nothing - or an error.

Once the GUI is closed or user logs out the auth ticket is recinded and a
the session closed. (or time out after certain period of inactivity).

The way i do this at the moment is to authorise every method call and it
feels clumsy.

Any help appreciated.

Thanks

Toby

John Bristowe · Oct 23, 2003

Toby,

Take a look WS-SecureConversation [1] support in WSE v2.0 [2].

Cheers,

John
http://www.bristowe.com/

[1] http://msdn.microsoft.com/ws/2002/12/ws-secure-conversation/
[2]
http://www.microsoft.com/downloads/details.aspx?familyid=21fb9b9a-c5f6-4c95-87b7-fc7ab49b3edd

Toby Riley · Oct 24, 2003

Thanks but this is too new. Plus it clearly states The technology preview of
WSE 2.0 is unsupported and is not licensed for production use.

I believe i can get this done using session state and authentication tickets
but not sure how to go about this from a GUI client prospective.

Regards

Toby.

John Bristowe said:
Toby,

Take a look WS-SecureConversation [1] support in WSE v2.0 [2].

Cheers,

John
http://www.bristowe.com/

[1] http://msdn.microsoft.com/ws/2002/12/ws-secure-conversation/
[2]
http://www.microsoft.com/downloads/details.aspx?familyid=21fb9b9a-c5f6-4c95-87b7-fc7ab49b3edd

Need some advice,

I have a GUI client and a web service that performs various functions. I
would be like to be able to log in a user once and create an authentication
ticket for that session.

Then every web method called would check the session has been authenticated
and the ticket is still valid otherwise you would get nothing - or an error.

Once the GUI is closed or user logs out the auth ticket is recinded and a
the session closed. (or time out after certain period of inactivity).

The way i do this at the moment is to authorise every method call and it
feels clumsy.

Any help appreciated.

Thanks

Toby

Click to expand...

Jacob Yang [MSFT] · Oct 25, 2003

Hi Toby,

I have reviewed your issue. Due to the nature of your issue I need to do
additional research to determine the best way to provide assistance. I will
contact you as soon as possible.

Best regards,

Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

John Bristowe · Oct 25, 2003

Toby,

Thanks but this is too new.

I would be interested to hear why you feel this way. Are you referring to
the technology (i.e. WSE v2.0) or the specification (WS-SecureConversation)?

I believe i can get this done using session state and authentication tickets
but not sure how to go about this from a GUI client prospective.

Are you implying HTTP with session state? Have you considered the
possibility of using other transfer/transport protocols?

Cheers,

John
http://www.bristowe.com/

John Bristowe said:
Thanks but this is too new. Plus it clearly states The technology preview of
WSE 2.0 is unsupported and is not licensed for production use.

I believe i can get this done using session state and authentication tickets
but not sure how to go about this from a GUI client prospective.

Regards

Toby.

John Bristowe said:

Toby,

Take a look WS-SecureConversation [1] support in WSE v2.0 [2].

Cheers,

John
http://www.bristowe.com/

[1] http://msdn.microsoft.com/ws/2002/12/ws-secure-conversation/
[2]

Click to expand...

http://www.microsoft.com/downloads/details.aspx?familyid=21fb9b9a-c5f6-4c95-87b7-fc7ab49b3edd and

a

Click to expand...

MSFT · Oct 27, 2003

Hi Toby,

You may take a look at following article to see if it will help:

HOW TO: Use CookieContainer to Maintain a State in Web Services When You
Use Visual C# .NET
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q816637

Regards,

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Toby Riley · Oct 27, 2003

Seems that this is web based. Does the CookieContainer work on a GUI

thks.

Toby.

MSFT · Oct 28, 2003

Yes, You can use it in a Windows appliaction project. The code in
Button1_Click and Button2_Click are most import.

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Authentication and Web Services	2	Mar 7, 2007
How to effectively develop a web application from scratch?	0	Jul 2, 2023
Forms Authentication and session timeout	0	Oct 31, 2008
Basic authentication UI for web-services	0	Sep 13, 2006
Best way to deploy authentication on web services	0	Dec 27, 2004
httplib with NETRC authentication	4	May 14, 2014
Session ID management	2	Jun 12, 2007
ASP.Net web services authentication (NTLM)	0	Oct 29, 2003

Web Services Authentication & Session Management

Toby Riley

John Bristowe

Toby Riley

Jacob Yang [MSFT]

John Bristowe

MSFT

Toby Riley

MSFT

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads