Best practice concerning authentication ?

  • Thread starter Thread starter Steve B.
  • Start date Start date
S

Steve B.

Hi everybody

I'm building an application that use, if available, a Web service to
transmit new data.

I'm investigating the security patterns that are applicable.

For now, I use Windows authenticated security (in order to use AD accounts),
but it requires storing username and password on the device (it is not
possible to ask the user to type its password each time), and than can be a
security hole if the device is stolen.

I wonder if client certificates can help me to secure the application. In
order word, is it possible to use certificates to authenticate users
automatically ?

Thanks,
Steve
 
I store the encrypted username and password in a password secured SQLCE
database. Make sure you catch the security exception when calling your web
service to know when the user has changed his password to prompt them to
change their password on the PDA. I only call GetCredentials when using the
internet I allow intranet calls to go through. Don't forget to turn on SSL
and start your call with https: in order to encrypt the username password
over the net.
 
Back
Top