We have an ASP.NET 2.0 forms-authenticated application that uses the
membership and role providers built into the framework. We already have an
administration section in the application for those in certain "Roles".
However, my employer has asked me if there is a secure way to create a smart
client to manage users, roles, and other parts of the site configuration. I
have only limited experience in web development and even less with web
services, so I didn't know how to answer his question.

Our goal is to allow users who are in certain "Roles" within the site to
have access to the smart client. Once downloaded, the smart client would make
use of a web service to manage user accounts, etc.

What I need to learn is how, if at all possible, should I secure my web
service methods to those that are not authenticated. Also, what would be the
recommended way to maintain that authentication token between calls?

By the way, my employer came up with this idea when he stumbled across this
article (http://www.eps-publishing.com/Articl...ickid=0511031). The
problem with the implementation in this article, though, is that it is
designed to be used in an intranet and doesn't deal with the
authentication/state problem I have attempted to describe here.

I'd appreciate any information you can provide.

Thanks.