Web Service authentication options

  • Thread starter Thread starter Craig Lister
  • Start date Start date
C

Craig Lister

Guys,

I have created my first web service (Hold the applause... I have a
question as well).

The web service does some pretty basic stuff on a database, and
returns an object. Is there a way to authorise the caller (Consumer?)
via a password or something? I'd prefer that only my application can
get data from it. The problem I guess is compounded by the fact that
the Web Service runs on a shared host... That is, I have no control of
the IIS config (that I know of), and even have 'Athorization
Mode="None"'.

Is there a way to limit access to only my application (Winform app).
 
* Craig Lister said:
The web service does some pretty basic stuff on a database, and
returns an object. Is there a way to authorise the caller (Consumer?)
via a password or something? I'd prefer that only my application can
get data from it. The problem I guess is compounded by the fact that
the Web Service runs on a shared host... That is, I have no control of
the IIS config (that I know of), and even have 'Athorization
Mode="None"'.
Click to expand...

The recommended way for authentication in webservices is to use
message-level security, so no authentication at transport-level (IIS) is
no problem. I assume you use WCF for your webservice (if not, do so):
Try the WsHttpBinding (or even Ws2007HttpBinding) instead of the
BasicHttpBinding -- it is pre-configured to use message level security
with windows authentication.

If you need a different authentication scheme, look up all the options
of a binding in WCF, there are some great articles online, too (to much
for a usenet posting).

Regards,
Felix
 
Thanks guys...

At the moment, it's now a WCF service... it's a standard ASP.Net web
service. HOWEVER, the project is a private learning project (Although,
in use by a lot of people), so I can look into WCF. Is there much of a
change? I had a brief look at WCF, and it seemed over complicated
compared to a standard web service...

I'll need to read up on them...
 
* Craig Lister said:
At the moment, it's now a WCF service... it's a standard ASP.Net web
service. HOWEVER, the project is a private learning project (Although,
in use by a lot of people), so I can look into WCF. Is there much of a
change? I had a brief look at WCF, and it seemed over complicated
compared to a standard web service...
Click to expand...

If this is for learning, definitely go for WCF. What you call "standard
web service" (the asp.net web service extensions, *.asmx) is not yet
/deprecated/, but it's definitely heading there.

WCF is more general, can do anything WSE can and a lot more, and newer
developments (like the WIF that supports WS-Federation) are done on top
of WCF.

Regards,
Felix
 
Back
Top