Web Service authentication options

C

Craig Lister

Guys,

I have created my first web service (Hold the applause... I have a
question as well).

The web service does some pretty basic stuff on a database, and
returns an object. Is there a way to authorise the caller (Consumer?)
via a password or something? I'd prefer that only my application can
get data from it. The problem I guess is compounded by the fact that
the Web Service runs on a shared host... That is, I have no control of
the IIS config (that I know of), and even have 'Athorization
Mode="None"'.

Is there a way to limit access to only my application (Winform app).
 
F

Felix Palmen

* Craig Lister said:
The web service does some pretty basic stuff on a database, and
returns an object. Is there a way to authorise the caller (Consumer?)
via a password or something? I'd prefer that only my application can
get data from it. The problem I guess is compounded by the fact that
the Web Service runs on a shared host... That is, I have no control of
the IIS config (that I know of), and even have 'Athorization
Mode="None"'.
Click to expand...

The recommended way for authentication in webservices is to use
message-level security, so no authentication at transport-level (IIS) is
no problem. I assume you use WCF for your webservice (if not, do so):
Try the WsHttpBinding (or even Ws2007HttpBinding) instead of the
BasicHttpBinding -- it is pre-configured to use message level security
with windows authentication.

If you need a different authentication scheme, look up all the options
of a binding in WCF, there are some great articles online, too (to much
for a usenet posting).

Regards,
Felix
 
C

Craig Lister

Thanks guys...

At the moment, it's now a WCF service... it's a standard ASP.Net web
service. HOWEVER, the project is a private learning project (Although,
in use by a lot of people), so I can look into WCF. Is there much of a
change? I had a brief look at WCF, and it seemed over complicated
compared to a standard web service...

I'll need to read up on them...
 
F

Felix Palmen

* Craig Lister said:
At the moment, it's now a WCF service... it's a standard ASP.Net web
service. HOWEVER, the project is a private learning project (Although,
in use by a lot of people), so I can look into WCF. Is there much of a
change? I had a brief look at WCF, and it seemed over complicated
compared to a standard web service...
Click to expand...

If this is for learning, definitely go for WCF. What you call "standard
web service" (the asp.net web service extensions, *.asmx) is not yet
/deprecated/, but it's definitely heading there.

WCF is more general, can do anything WSE can and a lot more, and newer
developments (like the WIF that supports WS-Federation) are done on top
of WCF.

Regards,
Felix
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

web service authentication? 3
large WSDL files casuse out of memory when debugging in VS2011 wioth framework 4 1
Formatting exception when calling to web service 1
Winfrom and WEB (not web-form). 2
Web Service faster than Remoting?? 1
C# SOAP Authentication to non C# web service 4
Web Service 1
Hosting webservice in service application 4

Top