Login to the WebService

Hi Mike,

From your description, I understand you're encountering some problem get
authentication to seup for an ASP.NET webservice application, correct?

Based on the current settings and code snippet you mentioned, it seems
you're trying to use FormsAuthentication and Membership Provider to perform
user validation. As for forms authentication, I'd like to confirm the
following things:

1. Forms authentication depend on cookies to maintain authentication
cookie, therefore, if you use formsauthentication, you'll make your
webservice coupled to ASP.NET web environment and require the client-side
to support cookie. This is not recommended for standard webservice. Here is
a web article which mentioned Forms Authentication and implement all the
cookie related authentication ourselves:

#Authentication in ASP.NET Web Services
http://progtutorials.tripod.com/Authen.htm

Also, for ASP.NET webservice, there are many different kind of
authentication approach avaliable, the most common is windows
authentication(utilize the IIS webserver). And for custom authentication,
you can consider using "SoapHeader" to carry authentication properties:

#Authenticate .NET web service with custom SOAP Header
http://www.codeproject.com/KB/webser...ntication.aspx

#User Authentication in ASP.net Web Services
http://www.microsoft.com.nsatc.net/c...s/default.aspx
?dg=microsoft.public.dotnet.framework.aspnet.webse rvices&tid=0d3a95ad-7405-4
bfe-ade9-be80af42abee&cat=&lang=&cr=&sloc=&p=1

Hope this helps some.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we

can improve the support we provide to you. Please feel free to let my
manager know what you think of

the level of service provided. You can send feedback directly to my manager
at: ms****@microsoft.com.

==================================================
Get notification to my posts through email? Please refer to

http://msdn.microsoft.com/en-us/subs...#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from

the community or a Microsoft Support Engineer within 2 business day is
acceptable. Please note that

each follow up response may take approximately 2 business days as the
support professional working

with you may need further investigation to reach the most efficient
resolution. The offering is not

appropriate for situations that require urgent, real-time or phone-based
interactions. Issues of this

nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft

Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subs.../aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
From: "Mike Endys" <Mi******@nospam.nospam>
Subject: Login to the WebService
Date: Fri, 31 Oct 2008 11:53:57 +0100

Hi all,

have problem to use login to the web service. Im thinking about the web
service that provides datas and files to the WinForm Client. I want the
client log-in to the application... here is my not-working solution

this is my web service, with the Forms authentication and working on
AspSqlMembershipProvider and with Role provider implemented too. It is
working well. I can create user, I can ValidateUser... But I would like,
that I once ValidateUser, then it will be validated and authenticated whole
time the Client application is opened. So I will able to call
TrySecured() Method. What is the best practice, to do it?

In a few points:

1. Client App is a WinForm client
2. Must provide Creating new user -AspSqlMembershipProvider
3. Must provide only once SignUp to the aplication over web service via
AspSqlMembershipProvider
4. Some methods will be available only for authenticated users, or access
to
the methods will be managed via Membership roles.

public class UserAccountService : System.Web.Services.WebService
{

[WebMethod]
public bool Login(string userName, string password)
{
bool retVal = Membership.ValidateUser(userName, password);
return retVal;
}
[WebMethod]
public string GetCurrentUser()
{
MembershipUser mUser = Membership.GetUser();
return mUser.UserName;

}
[WebMethod]
[PrincipalPermission(SecurityAction.Demand, Authenticated = true)]
public string TrySecured()
{
return "Secured call successful";
}
}

Thanks a lot for any ideas.
Mike

Hi Mike,

How are you doing?

Have you got any further id ea on this issue or does the information in my
last reply help you some?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we

can improve the support we provide to you. Please feel free to let my
manager know what you think of

the level of service provided. You can send feedback directly to my manager
at: ms****@microsoft.com.

==================================================
Get notification to my posts through email? Please refer to

http://msdn.microsoft.com/en-us/subs...#notifications.

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------

From: st*****@online.microsoft.com ("Steven Cheng")
Organization: Microsoft
Date: Mon, 03 Nov 2008 04:14:30 GMT
Subject: RE: Login to the WebService
Hi Mike,

From your description, I understand you're encountering some problem get
authentication to seup for an ASP.NET webservice application, correct?

Based on the current settings and code snippet you mentioned, it seems
you're trying to use FormsAuthentication and Membership Provider to perform
user validation. As for forms authentication, I'd like to confirm the
following things:

1. Forms authentication depend on cookies to maintain authentication
cookie, therefore, if you use formsauthentication, you'll make your
webservice coupled to ASP.NET web environment and require the client-side
to support cookie. This is not recommended for standard webservice. Here is
a web article which mentioned Forms Authentication and implement all the
cookie related authentication ourselves:

#Authentication in ASP.NET Web Services
http://progtutorials.tripod.com/Authen.htm

Also, for ASP.NET webservice, there are many different kind of
authentication approach avaliable, the most common is windows
authentication(utilize the IIS webserver). And for custom authentication,
you can consider using "SoapHeader" to carry authentication properties:

#Authenticate .NET web service with custom SOAP Header
http://www.codeproject.com/KB/webser...ntication.aspx

#User Authentication in ASP.net Web Services
http://www.microsoft.com.nsatc.net/c...s/default.aspx
?dg=microsoft.public.dotnet.framework.aspnet.webse rvices&tid=0d3a95ad-7405-4
bfe-ade9-be80af42abee&cat=&lang=&cr=&sloc=&p=1

Hope this helps some.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subs...#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subs.../aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
From: "Mike Endys" <Mi******@nospam.nospam>
Subject: Login to the WebService
Date: Fri, 31 Oct 2008 11:53:57 +0100

Hi all,

have problem to use login to the web service. Im thinking about the web
service that provides datas and files to the WinForm Client. I want the
client log-in to the application... here is my not-working solution

this is my web service, with the Forms authentication and working on
AspSqlMembershipProvider and with Role provider implemented too. It is
working well. I can create user, I can ValidateUser... But I would like,
that I once ValidateUser, then it will be validated and authenticated whole
time the Client application is opened. So I will able to call
TrySecured() Method. What is the best practice, to do it?

In a few points:

1. Client App is a WinForm client
2. Must provide Creating new user -AspSqlMembershipProvider
3. Must provide only once SignUp to the aplication over web service via
AspSqlMembershipProvider
4. Some methods will be available only for authenticated users, or access
to
the methods will be managed via Membership roles.

public class UserAccountService : System.Web.Services.WebService
{

[WebMethod]
public bool Login(string userName, string password)
{
bool retVal = Membership.ValidateUser(userName, password);
return retVal;
}
[WebMethod]
public string GetCurrentUser()
{
MembershipUser mUser = Membership.GetUser();
return mUser.UserName;

}
[WebMethod]
[PrincipalPermission(SecurityAction.Demand, Authenticated = true)]
public string TrySecured()
{
return "Secured call successful";
}
}

Thanks a lot for any ideas.
Mike