473,224 Members | 1,396 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,224 software developers and data experts.

Secure Access to Web Service.

Hi,

I have a client application which Accesses Web Service. but the Web service
allows anonymous access to any client request (web/smart client). I want to
authenticate every client request by passing username/password to make it
more secure.

Environment : Web Service/IIS5.0/ASP.NET 2.0 / C#.

Kindly help with your suggestions.

Thanks,
Jun 13 '07 #1
6 2375
On Jun 13, 9:48 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hi,

I have a client application which Accesses Web Service. but the Web service
allows anonymous access to any client request (web/smart client). I want to
authenticate every client request by passing username/password to make it
more secure.

Environment : Web Service/IIS5.0/ASP.NET 2.0 / C#.

Kindly help with your suggestions.

Thanks,
What is your environment?

Are you running under IIS?

Are you in a Windows domain with Active Directory?

Internal network or Internet access?

Do you have your own database of usernames and passwords?

It depends on factors such as these.
Jun 13 '07 #2
On Jun 13, 11:36 am, ronscottlang...@yahoo.com wrote:
On Jun 13, 9:48 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hi,
I have a client application which Accesses Web Service. but the Web service
allows anonymous access to any client request (web/smart client). I want to
authenticate every client request by passing username/password to make it
more secure.
Environment : Web Service/IIS5.0/ASP.NET 2.0 / C#.
Kindly help with your suggestions.
Thanks,

What is your environment?

Are you running under IIS?

Are you in a Windows domain with Active Directory?

Internal network or Internet access?

Do you have your own database of usernames and passwords?

It depends on factors such as these.

Stupid me, I see where you did specify some of your environment
settings in your initial post. Missed this before. But, would still
need to know some of the other details. More specifically the
Internet/Internal Nework? Windows Domain? users in Active Directory
or in own user store? etc.

Ron
Jun 13 '07 #3
Hello,

OK, let me explain the Environement:

Web Server IIS 5.0
ASP.NET 2.0
Windows Domain Accounts (2003)
No Active Directory Service

Let me know what you think and how can I implement security (log in).

Regards,

"ro*************@yahoo.com" wrote:
On Jun 13, 11:36 am, ronscottlang...@yahoo.com wrote:
On Jun 13, 9:48 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hi,
I have a client application which Accesses Web Service. but the Web service
allows anonymous access to any client request (web/smart client). I want to
authenticate every client request by passing username/password to make it
more secure.
Environment : Web Service/IIS5.0/ASP.NET 2.0 / C#.
Kindly help with your suggestions.
Thanks,
What is your environment?

Are you running under IIS?

Are you in a Windows domain with Active Directory?

Internal network or Internet access?

Do you have your own database of usernames and passwords?

It depends on factors such as these.


Stupid me, I see where you did specify some of your environment
settings in your initial post. Missed this before. But, would still
need to know some of the other details. More specifically the
Internet/Internal Nework? Windows Domain? users in Active Directory
or in own user store? etc.

Ron
Jun 15 '07 #4
On Jun 15, 4:06 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hello,

OK, let me explain the Environement:

Web Server IIS 5.0
ASP.NET 2.0
Windows Domain Accounts (2003)
No Active Directory Service

Let me know what you think and how can I implement security (log in).

Regards,

"ronscottlang...@yahoo.com" wrote:
On Jun 13, 11:36 am, ronscottlang...@yahoo.com wrote:
On Jun 13, 9:48 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hi,
I have a client application which Accesses Web Service. but the Web service
allows anonymous access to any client request (web/smart client). I want to
authenticate every client request by passing username/password to make it
more secure.
Environment : Web Service/IIS5.0/ASP.NET 2.0 / C#.
Kindly help with your suggestions.
Thanks,
What is your environment?
Are you running under IIS?
Are you in a Windows domain with Active Directory?
Internal network or Internet access?
Do you have your own database of usernames and passwords?
It depends on factors such as these.
Stupid me, I see where you did specify some of your environment
settings in your initial post. Missed this before. But, would still
need to know some of the other details. More specifically the
Internet/Internal Nework? Windows Domain? users in Active Directory
or in own user store? etc.
Ron

Since the users will be in the Windows Domain Directory, then probably
the easiest thing to do is let Windows and IIS do most of the work.
Basically, you configure your web service for authentication and
enforce it through IIS. The client app will need to pass its username
and password via web service proxy credentials.

Here is a link that details this, hopefully will help...

http://samples.gotdotnet.com/quickst...eservices.aspx

If the windows domain is the client's logon domain, then you shouldn't
have to enter the name/password directly in the credentials, instead
just ask the client for its current credentials and pass them
directly. See...

http://support.microsoft.com/kb/813834

If the windows domain is different than the client's logon domain,
then I suppose you may need some config or GUI on the client side
where the user can specify their username and password and then pass
them directly as mentioned in the first link.

Ron
Jun 15 '07 #5

Hello,

Thanks for you information.,

I have another question, Can you kindly clarify the following :

How can pass an object from the webservice [webmethod] to the client
applicatoin c#.

I want to basically pass ArrayList object or any other types to the client ?

Regards,

"ro*************@yahoo.com" wrote:
On Jun 15, 4:06 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hello,

OK, let me explain the Environement:

Web Server IIS 5.0
ASP.NET 2.0
Windows Domain Accounts (2003)
No Active Directory Service

Let me know what you think and how can I implement security (log in).

Regards,

"ronscottlang...@yahoo.com" wrote:
On Jun 13, 11:36 am, ronscottlang...@yahoo.com wrote:
On Jun 13, 9:48 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hi,
I have a client application which Accesses Web Service. but the Web service
allows anonymous access to any client request (web/smart client). I want to
authenticate every client request by passing username/password to make it
more secure.
Environment : Web Service/IIS5.0/ASP.NET 2.0 / C#.
Kindly help with your suggestions.
Thanks,
What is your environment?
Are you running under IIS?
Are you in a Windows domain with Active Directory?
Internal network or Internet access?
Do you have your own database of usernames and passwords?
It depends on factors such as these.
Stupid me, I see where you did specify some of your environment
settings in your initial post. Missed this before. But, would still
need to know some of the other details. More specifically the
Internet/Internal Nework? Windows Domain? users in Active Directory
or in own user store? etc.
Ron


Since the users will be in the Windows Domain Directory, then probably
the easiest thing to do is let Windows and IIS do most of the work.
Basically, you configure your web service for authentication and
enforce it through IIS. The client app will need to pass its username
and password via web service proxy credentials.

Here is a link that details this, hopefully will help...

http://samples.gotdotnet.com/quickst...eservices.aspx

If the windows domain is the client's logon domain, then you shouldn't
have to enter the name/password directly in the credentials, instead
just ask the client for its current credentials and pass them
directly. See...

http://support.microsoft.com/kb/813834

If the windows domain is different than the client's logon domain,
then I suppose you may need some config or GUI on the client side
where the user can specify their username and password and then pass
them directly as mentioned in the first link.

Ron
Jun 20 '07 #6
"Ibrahim." <Ib*****@discussions.microsoft.comwrote in message
news:2D**********************************@microsof t.com...
>
Hello,

Thanks for you information.,

I have another question, Can you kindly clarify the following :

How can pass an object from the webservice [webmethod] to the client
applicatoin c#.

I want to basically pass ArrayList object or any other types to the client
?
Keep in mind that web services are platform-neutral. This implies that you
can't pass types that are specific to the .NET platform. So, instead of an
ArrayList, pass an array. You can pass complex objects, but don't expect any
of their methods to be passed along. So, no indexers, non-default
constructors, or anything like that. Also, you can't pass generic types,
though you may be able to pass a generic instantiation:

public class MySpecificClass : MyGenericClass<int>
{
}

--
John Saunders [MVP]
Jun 20 '07 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
by: ad | last post by:
I want to set integrated Secure in my connect string to SQL Server I set the connect string as: workstation id=xxx;packet size=4096;integrated security=SSPI;initial catalog=vvv;persist...
3
by: Kevin Richards | last post by:
I have a .NET web service that needs to be called from any platform. I need to make the Login method of the web service secure. It doesnt matter about the remaining methods, just the password...
1
by: mron0210 | last post by:
Hi, I have created a web service using Visual Studio .Net (Visual Studio Tools for Office : Excel project) and secured it using WSE 2.0. I have added a hyperlink in the Excel sheet which...
0
by: =?Utf-8?B?SmVmZiBCZWVt?= | last post by:
We have an asp.net 2.0 forms-authenticated application that uses the membership and role providers built into the framework. We already have an administration section in the application for those...
0
by: =?Utf-8?B?RmlsaXBwbyBCZXR0aW5hZ2xpbw==?= | last post by:
I have developed a web service under ASP.NET2. this web service call another web service which need a SSL connection. Therefore I pass, to be able to connect, I pass credential and certificate ...
6
by: =?Utf-8?B?Q3JhaWc=?= | last post by:
If I have an application that I send out to users, and the application interacts with the database (behind the scenes, no direct sql creation by the users)....do webservices make the app more...
2
by: =?Utf-8?B?cGF0cmlja2RyZA==?= | last post by:
Hi everyone! I have built a vb6 app that communicates with a web server to get data from an webservice through the internet (not lan). My question/problem is, 1) how could I make this...
1
by: Annonymous Coward | last post by:
I am writing an application which I will deploy to my clients. It is important for security, support, IP reasons etc, that the users are not able to access my databse schema (i.e. view/modify/run...
0
mbmccormick
by: mbmccormick | last post by:
I have a web service in the same project as the rest of my website. I am able to call my web service without any trouble from the Javascript on my page using the Script Manager. Now, I want to have...
1
isladogs
by: isladogs | last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, Mike...
0
by: VivesProcSPL | last post by:
Obviously, one of the original purposes of SQL is to make data query processing easy. The language uses many English-like terms and syntax in an effort to make it easy to learn, particularly for...
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 3 Jan 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). For other local times, please check World Time Buddy In...
0
by: mar23 | last post by:
Here's the situation. I have a form called frmDiceInventory with subform called subfrmDice. The subform's control source is linked to a query called qryDiceInventory. I've been trying to pick up the...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.