By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,389 Members | 2,052 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,389 IT Pros & Developers. It's quick & easy.

secure web service authentication using membership provide

P: n/a
We have an 2.0 forms-authenticated application that uses the
membership and role providers built into the framework. We already have an
administration section in the application for those in certain "Roles".
However, my employer has asked me if there is a secure way to create a smart
client to manage users, roles, and other parts of the site configuration. I
have only limited experience in web development and even less with web
services, so I didn't know how to answer his question.

Our goal is to allow users who are in certain "Roles" within the site to
have access to the smart client. Once downloaded the smart client would make
use of a web service to manage usrer accounts, etc.

What I need to learn is how, if at all possible, should I secure my web
service methods to those that are not authenticated. Also, what would be the
recommended way to maintain that authentication token between calls?

By the way, my employer came up with this idea when he stumbled across this
article ( The
problem with the implementation in this article, though, is that it is
designed to be used in an intranet and doesn't deal with the
authentication/state problem I have attempted to describe here.

I'd appreciate any information you can provide.

Feb 9 '07 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.