 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / October 2005SoapClient authentication
Hi, I'm trying to use WSE through a Proxy class generated with WseWsdl2 in order to be independent from the transport protocol. My service is implemented through a ASP.Net Web Service (with WSE). I'm trying to authenticate users (like I used to do with Intergrated Security in IIS and Network Credentials in the client for the standard Web Services). Is there any way to do that? Ijust want to allow only Windows authenticated users to use my service but without loosing the flexibility of the trsnaport protocol independence. Thanks a lot  SignatureLucasC Hi Lucas, The answer is yes. First all, your service must derive from SoapService in order to make it independent from the transport protocol as well. Regarding to the authentication question, you can do that using an UsernameToken as client token. The default UsernameTokenManager shipped in WSE authenticates user against a valid windows account (Using the API "LogonUser" ), so in that case it works as Windows authentication. Regards, Pablo Cibraro www.lagash.com > Hi, > I'm trying to use WSE through a Proxy class generated with WseWsdl2 in [quoted text clipped - 11 lines] > > Thanks a lot Hi Pablo, Thanks for the answer. I have some doubts about that. My application doesn't know the username and password (everything works with Integrated Security) so I don't have the password to create the UserNameToken. Is there any way to use it without requesting the user password to the user? If I derive my service from SoapService, is it possible to implement it as ASMX (standard Web Service)? or Do I have to make mayor changes? Thanks a lot. SignatureLucasC > Hi Lucas, > The answer is yes. First all, your service must derive from SoapService in [quoted text clipped - 24 lines] > > > > Thanks a lot Hi Lucas, If you don't have the password, you might create a usernametoken without a password. (You will have to implement a custom UsernameTokenManager to accept tokens without a password) In that case, to avoid "non-repudiation" attacks, you will need to encrypt and sign the message with a X509 Cert and only accept messages protected with that certificate. Yes, it's possible to publish a SoapService as an ASMX , you will have to configure it as a HttpHandler. Regards, Pablo Cibraro www.lagash.com > Hi Pablo, > Thanks for the answer. I have some doubts about that. [quoted text clipped - 41 lines] >> > >> > Thanks a lot Hi Pablo, Is there any way to use something like Intergrated Security in the same way you set default Network Credentials? Thanks a lot SignatureLucasC > Hi Lucas, > If you don't have the password, you might create a usernametoken without a [quoted text clipped - 55 lines] > >> > > >> > Thanks a lot Sorry Lucas, I forgot to mention something, you can use a kerberos token instead (The current user's credentials will flow to the server). It will work as Integrated Security in that way. Regards, Pablo. > Hi Pablo, > Is there any way to use something like Intergrated Security in the same [quoted text clipped - 67 lines] >> >> > >> >> > Thanks a lot Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.