RE: Illegal to mix Authentication methods ?

From: mklapp (mklapp_at_zippy.com)
Date: 02/03/04


Date: Tue, 3 Feb 2004 08:16:10 -0800

The authentication strategy here is an evolving thing. I am only configuring Authentication between the App and (I guess) IIS. The web service is for both internal use by a WinForm client and external use by a Web App. Authentication is implemented by both as a user login. This prevents unauthorized users from using the apps to access the Web Service. The nature of a web service, of course, let's any app negotiate the service through a published interface.

It is my intent not to publish the interface. Granted my intent may be frustrated by the nature of the beast. The same high level of abstraction that makes it possible to do so much so quickly, also could set up functionality I do not know about. The directory holding the web service is planned to disallow anonymous access. Beyond that the strategy will be determined by what is possible and necessary.