best way implement web service with authentication.

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

modi - 24 Jan 2007 09:16 GMT

hi,
We guys have implement a webservice wherein we authenticate the user
by passing the same in soap headers. once is the user is authenticated
we flag the user as authenticated in a session variable. My doubt is,
is it the right way of implementing this. We are using inproc to store
the session. And i know this is not the right way to store the session.

Our requirements are:
1. We want the webservice to be universally consumed by any client(i.e
the client may be written java etc).
2. We dont want our clients to break their heads in configuring the
soap headers, encrypt those and pass it.
2. Best way to authenticate the client.

This question might seem obvious to many....may be i am
ignorant in this issue.
Please help!!
regards
modi

Reply to this Message

Mark Nelson - 30 Jan 2007 08:38 GMT

Modi,

Considering your scenario, your design looks fine.
But it's a better idea to encrypt and pass the SOAP headers.

Signature

Thanks & Regards,
Mark Nelson

> hi,
> We guys have implement a webservice wherein we authenticate the user
[quoted text clipped - 15 lines]
> regards
> modi

Reply to this Message

WishMaster - 31 Jan 2007 05:06 GMT

On Jan 30, 7:38 pm, Mark Nelson <MarkNel...@discussions.microsoft.com>
wrote:

> Modi,
>
[quoted text clipped - 24 lines]
> > regards
> > modi

Hi,

To achieve good security, you have to compromise and to adding the
security in header is pretty standard way to implement and this is why
we have SOAP standards.

and yes, if your service is going to be accessed universally then I
would suggest to consider SSL as well.

Cheers,
Amer

Reply to this Message

Rate this thread:

best way implement web service with authentication.

Free Magazines