Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / March 2005

Tip: Looking for answers? Try searching our database.

Securing a webservice on a app-by-app basis?

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Dave - 01 Mar 2005 18:29 GMT
Hi,

1.) We have a central database of shared values that is maintained by an
asp.net app.  Only a few admins have access to the maintenance forms for this
data which is secured by a simple web.config in forms folder for now.

2.) This application also exposes some webservices that allows client
applications to consume the data that is maintained within it.

How can I restrict which of our intranet applications consume the
webservices? IOW, apps A & B can access the webservices but C, D, E can't.  
I want to determine which app is requesting the webservice to grant or deny
access.   When I debug, and make web service request from a client app, I see
the global.asax events in the shared app get fired.  Is this a good place to
check any credentials being passed? If so how or what can I check?  

We use Active Directory and have Integrated security set on the shared
application and client applications.

Thanks, Dave.
Reply to this Message
Dilip Krishnan - 02 Mar 2005 03:10 GMT
Hello Dave,
  Couple of ways you can do this...
1. Use impersonation if what you actually want to restrict is the users of
the intranet applications. Set the impersonation to true and challenge the
users using basic authentication in your intranet applications
2. If what you want to restrict is the applications (not the users) You may
have to run your intranet applications under specific accounts and then enforce
role based authorization in the web service application accordingly.

HTH
Regards,
Dilip Krishnan
MCAD, MCSD.net
dkrishnan at geniant dot com
http://www.geniant.com

> Hi,
>
[quoted text clipped - 18 lines]
>
> Thanks, Dave.
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.