Re: Web Service and ASP.NET Forms Authentication

for which solution??

I personally would go for basic auth over SSL with a custom basic auth module in ASP.NET - i can help you implement that...

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Hi Dominick,

I just got a link in a reply from the Compact Framework forum, which
is a discussion similar to mine:
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=325044&SiteID=1

I think that I will go for this solution:
http://www.code-magazine.com/articleprint.aspx?quickid=0307071&printmo
de=true
Again thank you for your reply.

Cheers Henrik
"Henrik Skak Pedersen" <skak@xxxxxxxxxxxxxxxx> wrote in message
news:uLqdtJyYGHA.2136@xxxxxxxxxxxxxxxxxxxxxxx
Hi Dominick,

Again, thank you for your reply :-)

Ok, so FormsAuth is out, the same is WSE because it is not supported
on the Compact Framework. All my users are custom users and not
Windows accounts, so that leaves me with implementing my own basic
auth module. Do you have any examples of how to do that?

I guess that is supported on all three platforms?

Thanks
henrik.
"Dominick Baier [DevelopMentor]"
<dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4580be63199f8f8c83144fc7b09d5@xxxxxxxxxxxxxxxxxxxxx

Hi Henrik,
FormsAuth relies on cookies - this is very unnatural for web
services -
you would have to create a login method, the client needs a cookie
container (bit of a problem for asp.net) etc...
Well - you could use WSE3 username tokens with SSL or basic
authentication with SSL (which are both very similar)

basic auth would be against windows accounts only unless you
implement
your own basic auth module that authenticates against a custom user
store.
WSE3 has the concept of UsernameTokenManagers where you can
implement
custom authentication but has to be installed on every client
HTH

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi,

Is it possible to use ASP.NET Forms Authentication in Web Services?
or should I use WSE 3.0 UserNameTokens?

I have to call the web service from a Web App, a Windows App and a
SmartPhone app.

Thanks

Henrik Skak Pedersen



.

Relevant Pages

  • Re: Web Service and ASP.NET Forms Authentication
    ... Dominick Baier - DevelopMentor ... I personally would go for basic auth over SSL with a custom basic ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Web Service and ASP.NET Forms Authentication
    ... he is creating a custom SOAP header containing a user name and a password. ... I personally would go for basic auth over SSL with a custom basic auth ... custom authentication but has to be installed on every client ... Is it possible to use ASP.NET Forms Authentication in Web Services? ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Mixed Mode Authentication in .net 2.0
    ... Basic auth should be used with SSL. ... authentication should use SSL anyway, ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: [Full-disclosure] HTTP AUTH BASIC monowall.
    ... does anyone else agree with me that using HTTP BASIC AUTH ... Once you're doing BASIC over SSL, ... endpoints aren't secure, you can't *really* secure the path between them. ... the first guy to try anonymous FTP to the site because the FTP server doesn't ...
    (Full-Disclosure)
  • Re: [Full-disclosure] HTTP AUTH BASIC monowall.
    ... does anyone else agree with me that using HTTP BASIC AUTH ... SSL is not a fix for the problem, SSL is just a way of evading the ... attacker is in a prime position to extort companies being managed by ...
    (Full-Disclosure)