Windows app using webservice sessions and cookies

J

Joshua Moore

I've never used the web service session or cookie information and really
need help.

I'm trying to only allow certain users access to certain web methods. I
have a database of users but prefer not to hit the database with every web
call as well as pass the user/password information with each call. I have
tons of ideas from sessions and cookies to who knows what, but I'm hoping
for someone more experienced to put me down the right path. Should I try to
have the same session, pass back a cookie, and implement a proxy class for
the CookieContainer, etc.? This is the only thing I've seen that looks
viable from a windows app.

Thank you, thank you, thank you in advance,
Joshua Moore
 
M

Martin Kulov

Joshua Moore said:
I've never used the web service session or cookie information and really
need help. ....
Should I try to have the same session, pass back a cookie, and implement a
proxy class for the CookieContainer, etc.? This is the only thing I've
seen that looks viable from a windows app.

Thank you, thank you, thank you in advance,
Joshua Moore
Click to expand...

Hi Joshua,
you can enable sessions in web service using the attribute
[WebMethod(EnableSession=true)]. On the client side you need to allow
storing cookies since IIS session is saved and stored in a cookie. Enable
cookie support by creating a CookieContainter like this:

MyService myService = new MyService();
myService.CookieContainer =
new System.Net.CookieContainer();

From there on you can use IIS session management like any other ASP.NET
page.

Best,

--
Martin Kulov
http://www.codeattest.com/blogs/martin

MCAD Charter Member
MCSD.NET Early Achiever
MCSD
 
J

Joshua Moore

First, thank you for your response. I've got this far, but I'm not sure how
to pass up the information to the web service that I'm trying to 're-enter'
the same session. Who writes the cookie - the client or server side?
Sorry, I know these are newbie questions.

Thanks,
Joshua Moore


Martin Kulov said:
Joshua Moore said:
I've never used the web service session or cookie information and really
need help. ...
Should I try to have the same session, pass back a cookie, and implement
a proxy class for the CookieContainer, etc.? This is the only thing I've
seen that looks viable from a windows app.

Thank you, thank you, thank you in advance,
Joshua Moore
Click to expand...

Hi Joshua,
you can enable sessions in web service using the attribute
[WebMethod(EnableSession=true)]. On the client side you need to allow
storing cookies since IIS session is saved and stored in a cookie. Enable
cookie support by creating a CookieContainter like this:

MyService myService = new MyService();
myService.CookieContainer =
new System.Net.CookieContainer();

From there on you can use IIS session management like any other ASP.NET
page.

Best,

--
Martin Kulov
http://www.codeattest.com/blogs/martin

MCAD Charter Member
MCSD.NET Early Achiever
MCSD
Click to expand...
 
J

Joshua Moore

So here's where I'm at so far:

I have a custom set of usernames and passwords that I want to pass
(encrypted) to the web service and have it validate the user before doing
the method or throw an exception. I was hoping to either 1) return a cookie
(if that's the right term) saying you're authorized to use the service for
another 4 hours or 2) realize this is above me and check the database each
time they call sensitive methods to authorize them first. I have no clue
whether to use the user.identity, cookies, use a soapheader class that has
username & password variables, etc. Mostly I just need someone to set me
straight on what I need to use and what to leave alone. The other issue is
if I don't return information on when their session expires, I'll have to
pass up their user/pass each time I call the method, which seems quite
insecure. Should I use cookies? I just need to send an encrypted
username/password with specific methods or know that they are authenticated,
and if they haven't passed their 4 hour limit connection, let them do what
they requested. If someone could please just do some commenting like:

// create a web service instance
TestService.JoshTestService service = new TestService.JoshTestService();

// create a cookiecontainer on the web service
service.CookieContainer = new CookieContainer();

// make a call to a web method off the web service to login, passing in an
encrypted soap header

// from the web service, check to see if they're authenticated already or if
authenticated and the timeout is up

etc etc etc.

I realize this is asking a lot, but I've been spinning my wheels and can't
sleep.

Thanks,
Joshua Moore
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Using Cookies 0
Managing webservice connections and/or sessions on clint side 9
C++ VS C# for specific app 1
Using Session from a Windows App throgh a WebService 3
Problem with Sessions / Cookies 8
WebService and cookies 0
Sessions & Cookies 1
problem with webservice using formsauthentication 0

Members online

Total: 71 (members: 3, guests: 68)
Robots: 486

Forum statistics

Threads
473,995
Messages
2,570,226
Members
46,815
Latest member
treekmostly22

Latest Threads

Top