Best practice concerning authentication ?

S

Steve B.

Hi everybody

I'm building an application that use, if available, a Web service to
transmit new data.

I'm investigating the security patterns that are applicable.

For now, I use Windows authenticated security (in order to use AD accounts),
but it requires storing username and password on the device (it is not
possible to ask the user to type its password each time), and than can be a
security hole if the device is stolen.

I wonder if client certificates can help me to secure the application. In
order word, is it possible to use certificates to authenticate users
automatically ?

Thanks,
Steve
 
G

Guest

I store the encrypted username and password in a password secured SQLCE
database. Make sure you catch the security exception when calling your web
service to know when the user has changed his password to prompt them to
change their password on the PDA. I only call GetCredentials when using the
internet I allow intranet calls to go through. Don't forget to turn on SSL
and start your call with https: in order to encrypt the username password
over the net.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Transparent login to mobile application by logging in to WiFi hot 3
USB Security Keys are they a good idea ? 5
NETCF Web Server & authentication 0
Authentication using NetworkCredential 2
How to obtain User/Password from WinCE 4.2 ??? 1
authenticating web servcies calls 1
Certificate How-to .... confused 3
Microsoft SQL connection string and Windows Auth. 1

Top