Re: calling a web service protected by RSA SecurID

On Mar 28, 1:11 pm, "Joe Kaplan"
<joseph.e.kap...@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
You can't really do this in a standards-based way. The forms auth done by
SecurID doesn't use any of the standard HTTP transport level security
protocols like Basic, Digest or Integrated auth and doesn't correspond with
the WS-Security specification for doing message level security.

My overally assessment is that the authentication mechanism in use on the
website is inappropriate for use with programmatic agents like web services.
You should consider changing that. However, if it is not an option, you'll
likely need to implement a proprietary mechanism to handle the SecurID auth
and then add the required cookie programmatically to your web service proxy
class. I've seen that done before, although I can't tell you exactly how
you'll go about doing that in this case as each forms auth mechanism is a
little different. You'll need to reverse engineer the form post and figure
out how to collect the required cookie from the server's response.

Good luck!

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"http://www.directoryprogramming.net
--<ajf...@xxxxxxxxxxxxxxxx> wrote in message

news:1175095816.307593.146320@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hi,

my client has an extranet IIS web server protected by RSA SecurID.
it's running my asp.net 1.1 application. when they use the web app
from a browser they have to log in to RSA, then they see the login
screen for our application (forms authentication) and everything is
fine.

however, when they use our winforms client application to access a web
service (which is part of the same web app), it doesn't work. we are
handling HTTP 401 responses correctly in the windows client but I
guess SecurID is not using this mechanism.

anyone know how I can get a .Net 1.1 winforms application to connect
to a web service that is proected by SecurID

TIA for any thoughts.

Andy

Just a thought: Can you get the web service to use Radius? It should
be simple to get IIS to use radius as well.

HTH,

Nick
--
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication

.

Relevant Pages

  • Re: calling a web service protected by RSA SecurID
    ... The forms auth done by ... SecurID doesn't use any of the standard HTTP transport level security ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... to a web service that is proected by SecurID ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: calling a web service protected by RSA SecurID
    ... customer, so we don't have any control over their security ... SecurID doesn't use any of the standard HTTP transport level security ... Joe Kaplan-MS MVP Directory Services Programming ... to a web service that is proected by SecurID ...
    (microsoft.public.dotnet.framework.aspnet.security)