
Auth in a WS over the internet

I know that this can be a completely newbie question, but I'm a bit confused
on this.

I'm currently in a new project where I need to expose a lot of "sql
functionality" to users using a WinForms rich client. That app needs to
access several tables and queries. So... exposing the sql server to the
internet is the "natural" but unwanted option due to security risks.
So, I guess that the way to go is to create (one or more) web services to
serve that information to the clients. But now I'm on the security side of
all this. What is the correct way to protect access to the WS's with some
sort of authentication? Because I have the whole internet with this
scenario.
I saw a lot of examples on this, but with integrated security (Windows)
for intranets. And I also saw some examples with WS calls that use a token
in their parameters (probably over an https channel).... but.... I don't want
to send all the sensitive parameters over the internet AND the token.

Any help will be appreciated.

Thanks in advance.
Nov 23 '05 #1
Hi,

There are a couple of options to handle this. First and foremost, a web
forms app would probably be best suited for this sort of app, but I'm going
to presume you have good reasons to do this as a smart client.

The thing with web services is that usually the client is a computer
program, not a human being. This is where authentication is going to be a bit
different (in that with web services you cannot assume your process -- or
thread -- token to be a convenient place to get credentials from). Most
samples you'll find that use the HttpRequest oriented stuff
(SoapHttpClientProtocol is HttpRequest-ish) will use integrated security
because the client is a user logged in to some domain and it's so darn easy
to just grab the current credentials.

However, you can use the same technique to supply your own credentials, as in:

_proxy.Credentials = new NetworkCredential("username", "pwd");

This will allow you to do basic auth (over ssl, of course ...) with a
SoapHttpClientProtocol derived proxy.

If you decide to go the WSE2 route, there's absolutely no reason to send a
token as parameter. The normal usage style is to send the token as a header
(in WSE this means it's implemented as a filter). What you do to get the same
sort of thing as basic auth in WSE is, at the client side, create a username
token (with password option SendPlainText, again, over ssl) and add it like
_proxy.RequestSoapContext.Security.Tokens.Add(_myToken). At the server side
WSE will (by default) try to map the username and password to an existing
account.

Anyhow, see the WSE2 docs for details because there's any number of
possibilities ..

HTH,

-- Henkk

Nov 23 '05 #2
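
The reply above says basic auth on a SoapHttpClientProtocol proxy belongs "over ssl, of course"; the following is an added example, not code from either poster, that enforces that before credentials are attached and shows why it matters. The names ProxyAuth, UseBasicAuthOverTls, BasicHeaderValue and DecodeBasicHeader are hypothetical, and it assumes .NET Framework with a reference to System.Web.Services.

```csharp
using System;
using System.Net;
using System.Text;
using System.Web.Services.Protocols;

// Added example: helper names are hypothetical, sample credentials are constructed.
static class ProxyAuth
{
    // Attach credentials to a generated proxy only if its endpoint is https.
    public static void UseBasicAuthOverTls(SoapHttpClientProtocol proxy,
                                           string user, string password)
    {
        Uri endpoint = new Uri(proxy.Url);
        if (endpoint.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException(
                "Refusing to send Basic credentials to a non-https endpoint: " + endpoint);

        // A CredentialCache entry is offered only for this URI prefix and scheme;
        // a bare NetworkCredential answers any challenge from any host.
        CredentialCache cache = new CredentialCache();
        cache.Add(endpoint, "Basic", new NetworkCredential(user, password));
        proxy.Credentials = cache;
        proxy.PreAuthenticate = true;    // after the first challenge, send the header up front
        proxy.AllowAutoRedirect = false; // keep redirects off (the default) so the header stays put
    }

    // What Basic auth places in the Authorization header of each request.
    public static string BasicHeaderValue(string user, string password)
    {
        byte[] raw = Encoding.UTF8.GetBytes(user + ":" + password);
        return "Basic " + Convert.ToBase64String(raw);
    }

    // Anyone who can read the request can reverse it: Base64 is encoding, not encryption.
    public static string DecodeBasicHeader(string headerValue)
    {
        string b64 = headerValue.Substring("Basic ".Length);
        return Encoding.UTF8.GetString(Convert.FromBase64String(b64));
    }

    static void Main()
    {
        string header = BasicHeaderValue("username", "pwd"); // constructed sample values
        Console.WriteLine("Authorization: " + header);
        Console.WriteLine("Recovered by an observer: " + DecodeBasicHeader(header));
    }
}
```

The credentials travel in an HTTP header rather than as a web method parameter, so the service signatures stay free of tokens, and TLS is the only thing protecting both the header and the SOAP body in transit.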
