Webservice security
From: Alex (alex_at_nospam.net)
Date: 02/26/04
Date: Thu, 26 Feb 2004 11:46:37 -0700
I am new to C# webservices, but not ASP.NET and Windows development. I am
looking for help with security models. Basically, I have a webservice which
exposes a few functions, one of which is Login( string username, string
password, string application ). This login function will return an encrypted
key (string) to the user, and it will expire after 30 minutes.

I am wondering, for my webservice function signatures, should I include the
parameter ClientToken for each function call? Is there a better way to do
this using WSE? I would like to see how WSE works with sample code, not just
reading theories.

Is this a bad approach? What would WSE do for me that is different than
below? Thanks for the help.

    [WebMethod]
    public string Login( string username, string password, string app ){
        // validate your username, password, app ...
        return encryptedString;
    }

    [WebMethod]
    public string GetSomeString( string something, string ClientToken ){
        // determine if the user is authenticated
        if( IsValidUser(ClientToken) ){
            // this is good, process and return some string ...
        }
        else {
            // user is not valid, return soap error
        }
    }

    public bool IsValidUser( string ClientToken ){
        // validate this ClientToken against our database
    }
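
The 30-minute token that Login returns and IsValidUser checks, sketched as an added example that is not part of the original post. It assumes an HMAC-signed token carrying its own expiry in place of the encrypted key and database lookup the post describes, and .NET 6 or later; ClientTokens, Issue and TryValidate are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; ClientTokens, Issue and TryValidate are hypothetical names.
public static class ClientTokens
{
    static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(30);

    // Token = base64(username|app|expiryUnixSeconds) + "." + base64(HMAC of that payload).
    public static string Issue(byte[] key, string username, string app, DateTimeOffset now)
    {
        if (username.Contains("|") || app.Contains("|"))   // '|' is the field separator
            throw new ArgumentException("'|' not allowed in username or app");
        long expires = now.Add(Lifetime).ToUnixTimeSeconds();
        byte[] payload = Encoding.UTF8.GetBytes(username + "|" + app + "|" + expires);
        return Convert.ToBase64String(payload) + "." + Convert.ToBase64String(Mac(key, payload));
    }

    // True only if the MAC verifies, the token was issued for this app, and it has not expired.
    public static bool TryValidate(byte[] key, string token, string app, DateTimeOffset now, out string username)
    {
        username = null;
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        byte[] payload, mac;
        try { payload = Convert.FromBase64String(parts[0]); mac = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }
        // Check the MAC before trusting any field; FixedTimeEquals avoids a timing side channel.
        if (!CryptographicOperations.FixedTimeEquals(mac, Mac(key, payload))) return false;
        string[] fields = Encoding.UTF8.GetString(payload).Split('|');
        if (fields.Length != 3 || fields[1] != app) return false;
        if (!long.TryParse(fields[2], out long expires) || now.ToUnixTimeSeconds() >= expires) return false;
        username = fields[0];
        return true;
    }

    static byte[] Mac(byte[] key, byte[] data) { using (var hmac = new HMACSHA256(key)) return hmac.ComputeHash(data); }

    public static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);    // server-side secret, never sent to clients
        DateTimeOffset t0 = DateTimeOffset.UtcNow;
        string token = Issue(key, "alice", "billing", t0);  // constructed sample values
        Console.WriteLine(TryValidate(key, token, "billing", t0.AddMinutes(29), out _));
        Console.WriteLine(TryValidate(key, token, "billing", t0.AddMinutes(31), out _));
    }
}
```

The token is signed, not encrypted, so the username and application name are readable by whoever holds it; it also still needs a protected transport, since anyone who captures it can replay it until it expires.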