By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
432,414 Members | 1,057 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 432,414 IT Pros & Developers. It's quick & easy.

Secure Access to Web Service.

P: n/a
Hi,

I have a client application which Accesses Web Service. but the Web service
allows anonymous access to any client request (web/smart client). I want to
authenticate every client request by passing username/password to make it
more secure.

Environment : Web Service/IIS5.0/ASP.NET 2.0 / C#.

Kindly help with your suggestions.

Thanks,
Jun 13 '07 #1
Share this Question
Share on Google+
6 Replies


P: n/a
On Jun 13, 9:48 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hi,

I have a client application which Accesses Web Service. but the Web service
allows anonymous access to any client request (web/smart client). I want to
authenticate every client request by passing username/password to make it
more secure.

Environment : Web Service/IIS5.0/ASP.NET 2.0 / C#.

Kindly help with your suggestions.

Thanks,
What is your environment?

Are you running under IIS?

Are you in a Windows domain with Active Directory?

Internal network or Internet access?

Do you have your own database of usernames and passwords?

It depends on factors such as these.
Jun 13 '07 #2

P: n/a
On Jun 13, 11:36 am, ronscottlang...@yahoo.com wrote:
On Jun 13, 9:48 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hi,
I have a client application which Accesses Web Service. but the Web service
allows anonymous access to any client request (web/smart client). I want to
authenticate every client request by passing username/password to make it
more secure.
Environment : Web Service/IIS5.0/ASP.NET 2.0 / C#.
Kindly help with your suggestions.
Thanks,

What is your environment?

Are you running under IIS?

Are you in a Windows domain with Active Directory?

Internal network or Internet access?

Do you have your own database of usernames and passwords?

It depends on factors such as these.

Stupid me, I see where you did specify some of your environment
settings in your initial post. Missed this before. But, would still
need to know some of the other details. More specifically the
Internet/Internal Nework? Windows Domain? users in Active Directory
or in own user store? etc.

Ron
Jun 13 '07 #3

P: n/a
Hello,

OK, let me explain the Environement:

Web Server IIS 5.0
ASP.NET 2.0
Windows Domain Accounts (2003)
No Active Directory Service

Let me know what you think and how can I implement security (log in).

Regards,

"ro*************@yahoo.com" wrote:
On Jun 13, 11:36 am, ronscottlang...@yahoo.com wrote:
On Jun 13, 9:48 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hi,
I have a client application which Accesses Web Service. but the Web service
allows anonymous access to any client request (web/smart client). I want to
authenticate every client request by passing username/password to make it
more secure.
Environment : Web Service/IIS5.0/ASP.NET 2.0 / C#.
Kindly help with your suggestions.
Thanks,
What is your environment?

Are you running under IIS?

Are you in a Windows domain with Active Directory?

Internal network or Internet access?

Do you have your own database of usernames and passwords?

It depends on factors such as these.


Stupid me, I see where you did specify some of your environment
settings in your initial post. Missed this before. But, would still
need to know some of the other details. More specifically the
Internet/Internal Nework? Windows Domain? users in Active Directory
or in own user store? etc.

Ron
Jun 15 '07 #4

P: n/a
On Jun 15, 4:06 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hello,

OK, let me explain the Environement:

Web Server IIS 5.0
ASP.NET 2.0
Windows Domain Accounts (2003)
No Active Directory Service

Let me know what you think and how can I implement security (log in).

Regards,

"ronscottlang...@yahoo.com" wrote:
On Jun 13, 11:36 am, ronscottlang...@yahoo.com wrote:
On Jun 13, 9:48 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hi,
I have a client application which Accesses Web Service. but the Web service
allows anonymous access to any client request (web/smart client). I want to
authenticate every client request by passing username/password to make it
more secure.
Environment : Web Service/IIS5.0/ASP.NET 2.0 / C#.
Kindly help with your suggestions.
Thanks,
What is your environment?
Are you running under IIS?
Are you in a Windows domain with Active Directory?
Internal network or Internet access?
Do you have your own database of usernames and passwords?
It depends on factors such as these.
Stupid me, I see where you did specify some of your environment
settings in your initial post. Missed this before. But, would still
need to know some of the other details. More specifically the
Internet/Internal Nework? Windows Domain? users in Active Directory
or in own user store? etc.
Ron

Since the users will be in the Windows Domain Directory, then probably
the easiest thing to do is let Windows and IIS do most of the work.
Basically, you configure your web service for authentication and
enforce it through IIS. The client app will need to pass its username
and password via web service proxy credentials.

Here is a link that details this, hopefully will help...

http://samples.gotdotnet.com/quickst...eservices.aspx

If the windows domain is the client's logon domain, then you shouldn't
have to enter the name/password directly in the credentials, instead
just ask the client for its current credentials and pass them
directly. See...

http://support.microsoft.com/kb/813834

If the windows domain is different than the client's logon domain,
then I suppose you may need some config or GUI on the client side
where the user can specify their username and password and then pass
them directly as mentioned in the first link.

Ron
Jun 15 '07 #5

P: n/a

Hello,

Thanks for you information.,

I have another question, Can you kindly clarify the following :

How can pass an object from the webservice [webmethod] to the client
applicatoin c#.

I want to basically pass ArrayList object or any other types to the client ?

Regards,

"ro*************@yahoo.com" wrote:
On Jun 15, 4:06 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hello,

OK, let me explain the Environement:

Web Server IIS 5.0
ASP.NET 2.0
Windows Domain Accounts (2003)
No Active Directory Service

Let me know what you think and how can I implement security (log in).

Regards,

"ronscottlang...@yahoo.com" wrote:
On Jun 13, 11:36 am, ronscottlang...@yahoo.com wrote:
On Jun 13, 9:48 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hi,
I have a client application which Accesses Web Service. but the Web service
allows anonymous access to any client request (web/smart client). I want to
authenticate every client request by passing username/password to make it
more secure.
Environment : Web Service/IIS5.0/ASP.NET 2.0 / C#.
Kindly help with your suggestions.
Thanks,
What is your environment?
Are you running under IIS?
Are you in a Windows domain with Active Directory?
Internal network or Internet access?
Do you have your own database of usernames and passwords?
It depends on factors such as these.
Stupid me, I see where you did specify some of your environment
settings in your initial post. Missed this before. But, would still
need to know some of the other details. More specifically the
Internet/Internal Nework? Windows Domain? users in Active Directory
or in own user store? etc.
Ron


Since the users will be in the Windows Domain Directory, then probably
the easiest thing to do is let Windows and IIS do most of the work.
Basically, you configure your web service for authentication and
enforce it through IIS. The client app will need to pass its username
and password via web service proxy credentials.

Here is a link that details this, hopefully will help...

http://samples.gotdotnet.com/quickst...eservices.aspx

If the windows domain is the client's logon domain, then you shouldn't
have to enter the name/password directly in the credentials, instead
just ask the client for its current credentials and pass them
directly. See...

http://support.microsoft.com/kb/813834

If the windows domain is different than the client's logon domain,
then I suppose you may need some config or GUI on the client side
where the user can specify their username and password and then pass
them directly as mentioned in the first link.

Ron
Jun 20 '07 #6

P: n/a
"Ibrahim." <Ib*****@discussions.microsoft.comwrote in message
news:2D**********************************@microsof t.com...
>
Hello,

Thanks for you information.,

I have another question, Can you kindly clarify the following :

How can pass an object from the webservice [webmethod] to the client
applicatoin c#.

I want to basically pass ArrayList object or any other types to the client
?
Keep in mind that web services are platform-neutral. This implies that you
can't pass types that are specific to the .NET platform. So, instead of an
ArrayList, pass an array. You can pass complex objects, but don't expect any
of their methods to be passed along. So, no indexers, non-default
constructors, or anything like that. Also, you can't pass generic types,
though you may be able to pass a generic instantiation:

public class MySpecificClass : MyGenericClass<int>
{
}

--
John Saunders [MVP]
Jun 20 '07 #7

This discussion thread is closed

Replies have been disabled for this discussion.