Re: Secure Access to Web Service.

On Jun 15, 4:06 am, Ibrahim. <Ibra...@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:
Hello,

OK, let me explain the Environement:

Web Server IIS 5.0
ASP.NET 2.0
Windows Domain Accounts (2003)
No Active Directory Service

Let me know what you think and how can I implement security (log in).

Regards,

"ronscottlang...@xxxxxxxxx" wrote:
On Jun 13, 11:36 am, ronscottlang...@xxxxxxxxx wrote:
On Jun 13, 9:48 am, Ibrahim. <Ibra...@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:

Hi,

I have a client application which Accesses Web Service. but the Web service
allows anonymous access to any client request (web/smart client). I want to
authenticate every client request by passing username/password to make it
more secure.

Environment : Web Service/IIS5.0/ASP.NET 2.0 / C#.

Kindly help with your suggestions.

Thanks,

What is your environment?

Are you running under IIS?

Are you in a Windows domain with Active Directory?

Internal network or Internet access?

Do you have your own database of usernames and passwords?

It depends on factors such as these.

Stupid me, I see where you did specify some of your environment
settings in your initial post. Missed this before. But, would still
need to know some of the other details. More specifically the
Internet/Internal Nework? Windows Domain? users in Active Directory
or in own user store? etc.

Ron


Since the users will be in the Windows Domain Directory, then probably
the easiest thing to do is let Windows and IIS do most of the work.
Basically, you configure your web service for authentication and
enforce it through IIS. The client app will need to pass its username
and password via web service proxy credentials.

Here is a link that details this, hopefully will help...

http://samples.gotdotnet.com/quickstart/aspplus/doc/secureservices.aspx

If the windows domain is the client's logon domain, then you shouldn't
have to enter the name/password directly in the credentials, instead
just ask the client for its current credentials and pass them
directly. See...

http://support.microsoft.com/kb/813834

If the windows domain is different than the client's logon domain,
then I suppose you may need some config or GUI on the client side
where the user can specify their username and password and then pass
them directly as mentioned in the first link.

Ron


.

Relevant Pages

  • Re: Secure Access to Web Service.
    ... I want to basically pass ArrayList object or any other types to the client? ... Windows Domain Accounts ... The client app will need to pass its username ... and password via web service proxy credentials. ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: ISA question
    ... you simply cannot sucessfully run XP home in any Windows domain. ... Hope it's okay to post here as the question is more so with ISA firewall ... I have a client which is running Windows XP Home, and I get a lot of errors ...
    (microsoft.public.windows.server.sbs)
  • Erratic System.NullReferenceException
    ... object hosted in A in the same client process. ... Does the direct cable and no DNS server or windows domain has something to ...
    (microsoft.public.dotnet.framework.remoting)
  • Erratic System.NullReferenceException
    ... object hosted in A in the same client process. ... Does the direct cable and no DNS server or windows domain has something to ...
    (microsoft.public.dotnet.framework.remoting)
  • Re: Erratic System.NullReferenceException
    ... See if setting machineName to the IP of the machine will work. ... > object hosted in A in the same client process. ... > Does the direct cable and no DNS server or windows domain has something to ...
    (microsoft.public.dotnet.framework.remoting)