Re: authentication best practices
- From: "Perecli Manole" <Perecli@xxxxxxxxxxxxxx>
- Date: Fri, 3 Mar 2006 05:59:10 -0800
Yes, all are domain users while at work but they also work from home and
they need a similar behavior as using a web site through HTTPS. In other
words they don't want VPN in just to use this app.
Perry
"Dominick Baier [DevelopMentor]" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:4580be631978f18c80ce523b930fd@xxxxxxxxxxxxxxxxxxxxx
Do you have a Windows domain and are your clients domain users?
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
I have a "click-once" windows forms application distributed to many
clients.
This app uses web services behind the scenes to populate sensitive
company
data. I want to make this application behave similarly to a web
application
in the following ways:
1. User needs to authenticate before use
2. There needs to be a time out similar to web forms
3. Some method to see if user is still authenticated before each web
service
request
What is the best approach from a security stand point to accomplish
this with a web service? Is there some token that gets passed between
requests? If so how do I know when such a token expires? Do I generate
such token or is there some built in process for this?
Thanks
Perry
.
- References:
- authentication best practices
- From: Perecli Manole
- Re: authentication best practices
- From: Dominick Baier [DevelopMentor]
- authentication best practices
- Prev by Date: Re: .NET 1.1 security policies broke after installing .NET 2.0
- Next by Date: Re: .NET 1.1 security policies broke after installing .NET 2.0
- Previous by thread: Re: authentication best practices
- Index(es):
Relevant Pages
|
