How can I use authentication with Web Services?

From a security standpoint, Web services face much the same issues as any interactive Web site. However, a Web service may not have interactive users connecting and entering their security credentials. Instead, your "users" may be applications.

Web services will need to accept user credentials in some manner. If the service is non-interactive, it will need to either obtain the security token of the caller, or it will need to expose the appropriate methods to allow credentials to be supplied.

You can provide a "login" method. The login method would return some sort of authentication token (similar to a session token with traditional ASP.NET), and the client would then return that token to you whenever a Web Service is accessed. Alternatively, clients could provide their authentication information with each use (username and password, for example).

Using the login method and authentication token as an example, the token might be passed into a protected Web Service through either a SOAP Header or as an input parameter to the Web Service method itself.

In short, here are some possible custom authentication solutions for Web services:
  • Accept a user name and password as a parameter to your method calls.
  • Provide a login method that must be called before any calls to other methods. You can use the cookie functionality of the Microsoft .NET Framework to verify that calls have been made to the login method.
  • Use the SOAP header or SOAP body to store the credentials.
  • Create a custom HTTP header or body to store the credentials.
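
The login-method approach with the token carried in a SOAP header, shown from both the client and the service side. This is an added, language-neutral sketch in Python, not code from the original FAQ; the `urn:example:auth` namespace, the `AuthToken` element, the sample account and the 20-minute lifetime are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
APP = "urn:example:auth"            # hypothetical namespace for the token header
TTL = 20 * 60                       # token lifetime in seconds (assumed policy)

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account; a real service reads salted hashes from its user store.
_SALT = secrets.token_bytes(16)
USERS = {"billing-app": (_SALT, _hash("s3cret-sample", _SALT))}
SESSIONS = {}                       # token -> (user, expiry time), in memory only

def login(user, password, now=None):
    """The 'login' method: check credentials once, hand back a random token."""
    now = time.time() if now is None else now
    # Unknown users still go through the hash so both failures take similar time.
    salt, stored = USERS.get(user, (b"\0" * 16, b""))
    if not hmac.compare_digest(_hash(password, salt), stored):
        raise PermissionError("login failed")
    token = secrets.token_urlsafe(32)   # unguessable, carries no user data
    SESSIONS[token] = (user, now + TTL)
    return token

def build_request(token, method):
    """Client side: place the token in a SOAP header, not in the method arguments."""
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:a="{APP}">'
            f'<s:Header><a:AuthToken>{token}</a:AuthToken></s:Header>'
            f'<s:Body><a:{method}/></s:Body></s:Envelope>')

def authenticate(envelope_xml, now=None):
    """Service side: return the caller's user name or raise PermissionError."""
    now = time.time() if now is None else now
    root = ET.fromstring(envelope_xml)
    node = root.find(f"{{{SOAP}}}Header/{{{APP}}}AuthToken")
    token = (node.text or "").strip() if node is not None else ""
    user, expires = SESSIONS.get(token, (None, 0))
    if user is None or now >= expires:
        SESSIONS.pop(token, None)   # drop expired tokens so they cannot be reused
        raise PermissionError("missing, unknown or expired token")
    return user
```

Every protected method would call `authenticate` before doing any work. Both the login call and the token-bearing calls belong on TLS, since the password and the token are readable to anyone who can see the traffic.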
© 1996-2008 Community Networks Ltd All rights reserved. Reproduction in whole or in part, in any form or medium without express written permission is prohibited. Violators of this policy may be subject to legal action. Please read Terms Of Use and Privacy Statement for more information. Development by Synchron Data - .NET development.