471,354 Members | 1,507 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,354 software developers and data experts.

Secure Access to Web Service.

Hi,

I have a client application which Accesses Web Service. but the Web service
allows anonymous access to any client request (web/smart client). I want to
authenticate every client request by passing username/password to make it
more secure.

Environment : Web Service/IIS5.0/ASP.NET 2.0 / C#.

Kindly help with your suggestions.

Thanks,
Jun 13 '07 #1
6 2297
On Jun 13, 9:48 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hi,

I have a client application which Accesses Web Service. but the Web service
allows anonymous access to any client request (web/smart client). I want to
authenticate every client request by passing username/password to make it
more secure.

Environment : Web Service/IIS5.0/ASP.NET 2.0 / C#.

Kindly help with your suggestions.

Thanks,
What is your environment?

Are you running under IIS?

Are you in a Windows domain with Active Directory?

Internal network or Internet access?

Do you have your own database of usernames and passwords?

It depends on factors such as these.
Jun 13 '07 #2
On Jun 13, 11:36 am, ronscottlang...@yahoo.com wrote:
On Jun 13, 9:48 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hi,
I have a client application which Accesses Web Service. but the Web service
allows anonymous access to any client request (web/smart client). I want to
authenticate every client request by passing username/password to make it
more secure.
Environment : Web Service/IIS5.0/ASP.NET 2.0 / C#.
Kindly help with your suggestions.
Thanks,

What is your environment?

Are you running under IIS?

Are you in a Windows domain with Active Directory?

Internal network or Internet access?

Do you have your own database of usernames and passwords?

It depends on factors such as these.

Stupid me, I see where you did specify some of your environment
settings in your initial post. Missed this before. But, would still
need to know some of the other details. More specifically the
Internet/Internal Nework? Windows Domain? users in Active Directory
or in own user store? etc.

Ron
Jun 13 '07 #3
Hello,

OK, let me explain the Environement:

Web Server IIS 5.0
ASP.NET 2.0
Windows Domain Accounts (2003)
No Active Directory Service

Let me know what you think and how can I implement security (log in).

Regards,

"ro*************@yahoo.com" wrote:
On Jun 13, 11:36 am, ronscottlang...@yahoo.com wrote:
On Jun 13, 9:48 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hi,
I have a client application which Accesses Web Service. but the Web service
allows anonymous access to any client request (web/smart client). I want to
authenticate every client request by passing username/password to make it
more secure.
Environment : Web Service/IIS5.0/ASP.NET 2.0 / C#.
Kindly help with your suggestions.
Thanks,
What is your environment?

Are you running under IIS?

Are you in a Windows domain with Active Directory?

Internal network or Internet access?

Do you have your own database of usernames and passwords?

It depends on factors such as these.


Stupid me, I see where you did specify some of your environment
settings in your initial post. Missed this before. But, would still
need to know some of the other details. More specifically the
Internet/Internal Nework? Windows Domain? users in Active Directory
or in own user store? etc.

Ron
Jun 15 '07 #4
On Jun 15, 4:06 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hello,

OK, let me explain the Environement:

Web Server IIS 5.0
ASP.NET 2.0
Windows Domain Accounts (2003)
No Active Directory Service

Let me know what you think and how can I implement security (log in).

Regards,

"ronscottlang...@yahoo.com" wrote:
On Jun 13, 11:36 am, ronscottlang...@yahoo.com wrote:
On Jun 13, 9:48 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hi,
I have a client application which Accesses Web Service. but the Web service
allows anonymous access to any client request (web/smart client). I want to
authenticate every client request by passing username/password to make it
more secure.
Environment : Web Service/IIS5.0/ASP.NET 2.0 / C#.
Kindly help with your suggestions.
Thanks,
What is your environment?
Are you running under IIS?
Are you in a Windows domain with Active Directory?
Internal network or Internet access?
Do you have your own database of usernames and passwords?
It depends on factors such as these.
Stupid me, I see where you did specify some of your environment
settings in your initial post. Missed this before. But, would still
need to know some of the other details. More specifically the
Internet/Internal Nework? Windows Domain? users in Active Directory
or in own user store? etc.
Ron

Since the users will be in the Windows Domain Directory, then probably
the easiest thing to do is let Windows and IIS do most of the work.
Basically, you configure your web service for authentication and
enforce it through IIS. The client app will need to pass its username
and password via web service proxy credentials.

Here is a link that details this, hopefully will help...

http://samples.gotdotnet.com/quickst...eservices.aspx

If the windows domain is the client's logon domain, then you shouldn't
have to enter the name/password directly in the credentials, instead
just ask the client for its current credentials and pass them
directly. See...

http://support.microsoft.com/kb/813834

If the windows domain is different than the client's logon domain,
then I suppose you may need some config or GUI on the client side
where the user can specify their username and password and then pass
them directly as mentioned in the first link.

Ron
Jun 15 '07 #5

Hello,

Thanks for you information.,

I have another question, Can you kindly clarify the following :

How can pass an object from the webservice [webmethod] to the client
applicatoin c#.

I want to basically pass ArrayList object or any other types to the client ?

Regards,

"ro*************@yahoo.com" wrote:
On Jun 15, 4:06 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hello,

OK, let me explain the Environement:

Web Server IIS 5.0
ASP.NET 2.0
Windows Domain Accounts (2003)
No Active Directory Service

Let me know what you think and how can I implement security (log in).

Regards,

"ronscottlang...@yahoo.com" wrote:
On Jun 13, 11:36 am, ronscottlang...@yahoo.com wrote:
On Jun 13, 9:48 am, Ibrahim. <Ibra...@discussions.microsoft.com>
wrote:
Hi,
I have a client application which Accesses Web Service. but the Web service
allows anonymous access to any client request (web/smart client). I want to
authenticate every client request by passing username/password to make it
more secure.
Environment : Web Service/IIS5.0/ASP.NET 2.0 / C#.
Kindly help with your suggestions.
Thanks,
What is your environment?
Are you running under IIS?
Are you in a Windows domain with Active Directory?
Internal network or Internet access?
Do you have your own database of usernames and passwords?
It depends on factors such as these.
Stupid me, I see where you did specify some of your environment
settings in your initial post. Missed this before. But, would still
need to know some of the other details. More specifically the
Internet/Internal Nework? Windows Domain? users in Active Directory
or in own user store? etc.
Ron


Since the users will be in the Windows Domain Directory, then probably
the easiest thing to do is let Windows and IIS do most of the work.
Basically, you configure your web service for authentication and
enforce it through IIS. The client app will need to pass its username
and password via web service proxy credentials.

Here is a link that details this, hopefully will help...

http://samples.gotdotnet.com/quickst...eservices.aspx

If the windows domain is the client's logon domain, then you shouldn't
have to enter the name/password directly in the credentials, instead
just ask the client for its current credentials and pass them
directly. See...

http://support.microsoft.com/kb/813834

If the windows domain is different than the client's logon domain,
then I suppose you may need some config or GUI on the client side
where the user can specify their username and password and then pass
them directly as mentioned in the first link.

Ron
Jun 20 '07 #6
"Ibrahim." <Ib*****@discussions.microsoft.comwrote in message
news:2D**********************************@microsof t.com...
>
Hello,

Thanks for you information.,

I have another question, Can you kindly clarify the following :

How can pass an object from the webservice [webmethod] to the client
applicatoin c#.

I want to basically pass ArrayList object or any other types to the client
?
Keep in mind that web services are platform-neutral. This implies that you
can't pass types that are specific to the .NET platform. So, instead of an
ArrayList, pass an array. You can pass complex objects, but don't expect any
of their methods to be passed along. So, no indexers, non-default
constructors, or anything like that. Also, you can't pass generic types,
though you may be able to pass a generic instantiation:

public class MySpecificClass : MyGenericClass<int>
{
}

--
John Saunders [MVP]
Jun 20 '07 #7

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

4 posts views Thread by ad | last post: by
3 posts views Thread by Kevin Richards | last post: by
1 post views Thread by mron0210 | last post: by
reply views Thread by =?Utf-8?B?SmVmZiBCZWVt?= | last post: by
reply views Thread by =?Utf-8?B?RmlsaXBwbyBCZXR0aW5hZ2xpbw==?= | last post: by
6 posts views Thread by =?Utf-8?B?Q3JhaWc=?= | last post: by
2 posts views Thread by =?Utf-8?B?cGF0cmlja2RyZA==?= | last post: by
1 post views Thread by Annonymous Coward | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.