473,500 Members | 1,943 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

How to add username and password to a Web Service

I have seen examples of people saying that in the soap header you can pass a
username and password. Is there a reason why putting username and password
information in the header would be better than just including it as an input
in the web service?

thanks,
Anthony
Jul 27 '06 #1
2 2062
Passing a username/password in plain-text in either the header or input
of a web service is inherently unsecure.

Microsoft offers a more secure way to do this in Web Service
Enhancements (WSE). The sample code offers examples of how to use the
UserNameTokenManager.

A fairly good article the WSE 2.0 UserNameTokenManager can be found at
http://aspnet.4guysfromrolla.com/articles/071404-1.aspx

-Paul

Anthony Biondo Jr wrote:
I have seen examples of people saying that in the soap header you can pass a
username and password. Is there a reason why putting username and password
information in the header would be better than just including it as an input
in the web service?

thanks,
Anthony
Jul 27 '06 #2
"Anthony Biondo Jr" <an************@kmhp.comwrote in message
news:uF****************@TK2MSFTNGP02.phx.gbl...
>I have seen examples of people saying that in the soap header you can pass
a
username and password. Is there a reason why putting username and
password
information in the header would be better than just including it as an
input
in the web service?
"It depends." (anon)

If your web service has more than one operation which has to be secured by
username/password, then putting it in the header keeps them out of the
signature of each operation.

Also, you may be able to have a SOAP extension (I think they're called
handlers in the Java world) process that header for every operation, so that
the operations don't need to do anything. You could even prevent the
operations from even being called if the username and password were
incorrect.

Finally, if you later decide that you need something stronger than username
and password, you would only need to change the header, not each operation.

John
Jul 27 '06 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
7
2785
I've deleted admin username and password, please help!
by: Candice | last post by:
Please somebody help! I've deleted my admin username and password which was initially set at test. Now I can't log into my website as the administrator. How do I put Username and Password back so...
PHP
4
6040
Minimum & Maximum for username/password
by: Lobang Trader | last post by:
Hi all, I am trying to create a username and a password class. I would like to know what are the RECOMMENDED minimum and maximum length for both fields? These fields will be something like...
Java
0
2410
C# fails to connect to IIS Web Service if we require both Client Certificate and Username/Password
by: Joey Edelstein | last post by:
Hi, We are trying to add a Client Certificate support for our web app that emulates a hardware device web app. The hardware uses a 2 factors authentication, which requires a Web Service client...
C# / C Sharp
1
1119
Set a username and password for an existing service?
by: Scott Lezberg \(Deltek\) | last post by:
How can I set a username and password for a service that already exists in VB .NET? Any sample code would be greatly appreciated. Thanks in advance. Scott
Visual Basic .NET
0
1239
WS-Security Tokens for Doaim\Username and Password
by: Andre | last post by:
I'm working on a web service and I need to pass in user information for authentication. The service needs to meet the WS-Security specification. I need to support two types of authentication for...
.NET Framework
11
13313
Process.Start with Username hangs
by: Kirk | last post by:
The following C# web service works fine until you uncomment the lines setting UserName and Password. Then the process starts as the specified user, but hangs in a suspended state. In fact, any...
C# / C Sharp
0
6637
Process.Start with UserName/Password gives Access is Denied
by: Kirk | last post by:
The following C# web service works fine until you uncomment the lines setting UserName and Password. Then, Process.Start throws an Access is Denied Exception. This is with .NET 2.0, of course...
ASP.NET
0
1465
How to get username, password from .NET Windows service installation to actual service code ?
by: jimmy | last post by:
Hi, I have a .NET service which has to set the username and password at the time of installation. So, this.serviceProcessInstaller.Password = null; this.serviceProcessInstaller.Username = null;...
C# / C Sharp
2
2305
Using the proper service account to move files from one machine to another (windows service)
by: Jim in Arizona | last post by:
I made up a service that will move files from a folder on the machine that the service is running to a share on another machine. I use a try/catch incase an error is thrown and write that error to...
Visual Basic .NET
0
7136
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
7018
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
7182
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
7232
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
1
6906
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
7397
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
1
4923
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
4611
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
3106
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us