XML Webservice authentication

[serge calderara]

Hi,

I would say that it depends what you are planning to do a and who is goinf
to acess your web service and from where.

In other words do you planned to published your web service or does your web
service is part of your asp application.

The most secure would be to use security feature of IIS and use Windows
Authentication. Cookies are not secure and are mainly used to retain user
information except sensitive data.

If you want to provide FromAuthentication then you could keep in cookies a
unique GUI corresponding to the user and then refer to that GUI from a
database where you will extract information.

hope it helps
regards
serge

 

[GMG]

Is it possible to use FormAuthentication or do I have to manage my own
cookies and if so a sample/URL would be greatly appreciated.

 

[Josh Twist]

One of the key features FormsAuthentication offers is automatic
redirect for non-logged in users to a login page. As I'm sure you'll
appreciate this makes no sense in the context of a web service.

Most web services don't use cookies in this way, they simply request
the username/password with each request. You can even use WSE
(http://msdn.microsoft.com/webservices/building/wse/) to help you do
this in an industry standard way (WS-Security standard).

If you have any questions about any of this - just shout!

Josh
http://www.thejoyofcode.com/