473,320 Members | 2,133 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Implementing subscription based Web Service

Hello,

Sorry for the repost, I haven’t got any response in aspnet.webservices group.

We have a web service being used by several clients. It's SSL secured, uses
Windows (Basic) Authentication, each client has its own login. The management
wants to expend it to other clients, but provide "subscription based"
service. Where one pays a monthly fee to use it.
Now, I suggested using existing infrastructure Basic Authentication, just
disable Windows account when subscription expires. But management wants as
little administration as possible. Sure, I can create a user table in db, but
would not it be as much admin? Someone would still have to sign clients up
and enter new user names into database through some admin app or other wise.
If anyone had any experiences implementing Subscription based web service I
would like to hear your comments.

Thank you

Dec 21 '05 #1
6 2321
Actually, using a table would be less administration. In the table that
contains the credentials:

e.g.
UserName (plain text string)
Password (sha1 hash hexcode string)
SubscriptionLastUpdated (datetime)
[other columns...]

As users pay for new/updated subscriptions, the SubscriptionLastUpdated
would automatically get repopulated with a current timestamp. Then on access
to the web service, you would query that table to see if that particular
user's SubscriptionLastUpdated value is more than 30 days ago... if so, you
would not allow access. This would be much easier than having to have
employees go in and scan through everyone's subscription records looking for
outdated subscriptions on a regular basis, and then going in and disabling
accounts using Computer Management or whatever interface is supplied to them.

"WebMatrix" wrote:
Hello,

Sorry for the repost, I haven’t got any response in aspnet.webservices group.

We have a web service being used by several clients. It's SSL secured, uses
Windows (Basic) Authentication, each client has its own login. The management
wants to expend it to other clients, but provide "subscription based"
service. Where one pays a monthly fee to use it.
Now, I suggested using existing infrastructure Basic Authentication, just
disable Windows account when subscription expires. But management wants as
little administration as possible. Sure, I can create a user table in db, but
would not it be as much admin? Someone would still have to sign clients up
and enter new user names into database through some admin app or other wise.
If anyone had any experiences implementing Subscription based web service I
would like to hear your comments.

Thank you

Dec 21 '05 #2
Right, that makes sense.
But one would still have to add a new user to a table, perhaps through some
kind of admin tool. Enrollment will not be 100% automatic anyway.
Add/remove Windows user can also be done programaticlly though Admin tool.
But what you suggested does make sense. We need to store subscription info
somewhere anyway, database seems to be the right place. So might as well
store user name/passwords and expiration dates.
Thanks.

"Nate" wrote:
Actually, using a table would be less administration. In the table that
contains the credentials:

e.g.
UserName (plain text string)
Password (sha1 hash hexcode string)
SubscriptionLastUpdated (datetime)
[other columns...]

As users pay for new/updated subscriptions, the SubscriptionLastUpdated
would automatically get repopulated with a current timestamp. Then on access
to the web service, you would query that table to see if that particular
user's SubscriptionLastUpdated value is more than 30 days ago... if so, you
would not allow access. This would be much easier than having to have
employees go in and scan through everyone's subscription records looking for
outdated subscriptions on a regular basis, and then going in and disabling
accounts using Computer Management or whatever interface is supplied to them.

"WebMatrix" wrote:
Hello,

Sorry for the repost, I haven’t got any response in aspnet.webservices group.

We have a web service being used by several clients. It's SSL secured, uses
Windows (Basic) Authentication, each client has its own login. The management
wants to expend it to other clients, but provide "subscription based"
service. Where one pays a monthly fee to use it.
Now, I suggested using existing infrastructure Basic Authentication, just
disable Windows account when subscription expires. But management wants as
little administration as possible. Sure, I can create a user table in db, but
would not it be as much admin? Someone would still have to sign clients up
and enter new user names into database through some admin app or other wise.
If anyone had any experiences implementing Subscription based web service I
would like to hear your comments.

Thank you

Dec 21 '05 #3
I have a quesiton following on to this...

If I had a user table based authentication, how could I make the web
service remember that someone is authenticated? Does session work the
same as it does for ASP.NET ? (I am guessing it does).

So the process would be for my client app to:
A) Call a Login method of the webservice, passing a username/pass and
getting a bool response.
B) If bool is true, then follow up with other calls.

Previously I had the username and password passed with EVERY method,
checking authentication on every query.
Example, get a list of outstanding messages, would call 'GetInbox'
method by passing a user name and password, but with the above process
I could store the userID in session right? Then my 'GetInbox' method
wouldn't need any parameters at all.

How then could I deal with session expiring and so on? Call some sort
of keep alive method as well? That method wouldn't even need any code
in it right? The simple fact that my client app has called the service
has renewed its session lease (or whatever the terminology is).

Is there any security issues relating to this form of authentication?

Many thanks,
Steven Nagy

Dec 22 '05 #4
Hi Steven
Previously I had the username and password passed with EVERY method,
checking authentication on every query.


Do you send it as an argument to the web service?
If yes, I would suggest letting the security framework handle this for
you. Autentification info is then stored in the SOAP headers and is
invisible in the web service API.
If no, sorry...

At least I think so, but if you use frameworks as WSE or WCF (Indigo)
you can let the security subsystems of these framework handle
authentification. I think they implement some sort of "recogniztion" of
an already authenticated user on the serverside. Client side you assign
a "UserNameToken" to the request an it is this token that gets
authenticated.
Maybe some guys (or gals) can shed some light on this..maybe in another
group..?

Regards

Henrik
Dec 22 '05 #5
Wouldn't ASP.NET 2.0 Membership, Roles and Profiles be ideally suited for
this objective?

<%= Clinton Gallagher
METROmilwaukee (sm) "A Regional Information Service"
NET csgallagher AT metromilwaukee.com
URL http://metromilwaukee.com/
URL http://clintongallagher.metromilwaukee.com/
"Henrik Gøttig" <hg@websolver.dk> wrote in message
news:u3**************@TK2MSFTNGP12.phx.gbl...
Hi Steven
Previously I had the username and password passed with EVERY method,
checking authentication on every query.


Do you send it as an argument to the web service?
If yes, I would suggest letting the security framework handle this for
you. Autentification info is then stored in the SOAP headers and is
invisible in the web service API.
If no, sorry...

At least I think so, but if you use frameworks as WSE or WCF (Indigo) you
can let the security subsystems of these framework handle
authentification. I think they implement some sort of "recogniztion" of an
already authenticated user on the serverside. Client side you assign a
"UserNameToken" to the request an it is this token that gets
authenticated.
Maybe some guys (or gals) can shed some light on this..maybe in another
group..?

Regards

Henrik

Dec 22 '05 #6


"Steven Nagy" wrote:
I have a quesiton following on to this... Previously I had the username and password passed with EVERY method,
checking authentication on every query.
Example, get a list of outstanding messages,


That's somehting I was just thinking about. I think that's the way I am
going to go; authentication with each request. That's just a nature of this
app. It's a windows client, user fetch chunks of data and work with it, there
can be 10 - 1hr time difference between each call and then user decides to
take a lunch break or leaves his/her machine on over the weekend with the
client running. I dont think it makes sense to keep session alive that long.

But to answer your question Session is very much part of Web Service .NET
application. Though clients must be able to accept cookies, from what I
understand.
Dec 22 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: Max A. Bündchen | last post by:
My enterprise is a Registered Microsoft Partner and we would to acquire a MSDN Universal subscription under the Empower ISV Program to start a new project in .Net (today we dev under VFP 7). ...
6
by: WebMatrix | last post by:
Hello, Sorry for the repost, I haven’t got any response in aspnet.webservices group. We have a web service being used by several clients. It's SSL secured, uses Windows (Basic)...
1
by: oldVB3r | last post by:
I would like to create a set of web services that share a common set of types (classes, structures, enums). I know I can create a VS 2005 web service based on the Interface statement to contain...
6
by: Joseph Geretz | last post by:
I have the following class which I am serializing and passing back and forth between my Web Service application and the client. public class Token : SoapHeader { public string SID; public...
2
by: Steve | last post by:
Can anyone point me to a link for sample code for building a subscription service web site using asp.net 2 and vb 2005? Thanks Steve
2
by: erbilkonuk | last post by:
Hi, I am very new to .NET Remoting and I try to run a simple program to subscribe to an event raised by Remoting Class. The Remoting Server initiates an instance of Remoting Class as Singleton /...
1
by: Steve Arndt | last post by:
Can someone point me to sample code for building subscription services (where someone pays either up front for a number of uses, or per use) in vb.net/asp.net? I want to convert a client-based...
1
by: 9jaman | last post by:
Can anyone help me find a solution to this problem.I need a desktop-based software or system for news alert service.I want to start a news alert subscription service based on recharge cards. The...
2
by: =?Utf-8?B?SmFzb24gQS4gSmVuc2Vu?= | last post by:
I have a MSDN Subscription expiring this month but really need Visual Studio 2008 when it comes out. I called customer service to find out but they don't know. They seemed to think it was a...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.