Re: calling a web service protected by RSA SecurID

You can't really do this in a standards-based way. The forms auth done by
SecurID doesn't use any of the standard HTTP transport level security
protocols like Basic, Digest or Integrated auth and doesn't correspond with
the WS-Security specification for doing message level security.

My overally assessment is that the authentication mechanism in use on the
website is inappropriate for use with programmatic agents like web services.
You should consider changing that. However, if it is not an option, you'll
likely need to implement a proprietary mechanism to handle the SecurID auth
and then add the required cookie programmatically to your web service proxy
class. I've seen that done before, although I can't tell you exactly how
you'll go about doing that in this case as each forms auth mechanism is a
little different. You'll need to reverse engineer the form post and figure
out how to collect the required cookie from the server's response.

Good luck!

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<ajfish@xxxxxxxxxxxxxxxx> wrote in message
news:1175095816.307593.146320@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,

my client has an extranet IIS web server protected by RSA SecurID.
it's running my asp.net 1.1 application. when they use the web app
from a browser they have to log in to RSA, then they see the login
screen for our application (forms authentication) and everything is
fine.

however, when they use our winforms client application to access a web
service (which is part of the same web app), it doesn't work. we are
handling HTTP 401 responses correctly in the windows client but I
guess SecurID is not using this mechanism.

anyone know how I can get a .Net 1.1 winforms application to connect
to a web service that is proected by SecurID

TIA for any thoughts.

Andy



.

Relevant Pages

  • Re: calling a web service protected by RSA SecurID
    ... On Mar 28, 1:11 pm, "Joe Kaplan" ... SecurID doesn't use any of the standard HTTP transport level security ... likely need to implement a proprietary mechanism to handle the SecurID auth ... to a web service that is proected by SecurID ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: calling a web service protected by RSA SecurID
    ... customer, so we don't have any control over their security ... SecurID doesn't use any of the standard HTTP transport level security ... Joe Kaplan-MS MVP Directory Services Programming ... to a web service that is proected by SecurID ...
    (microsoft.public.dotnet.framework.aspnet.security)