RE: Login to the WebService

{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fprq2\fcharset0 MS Sans Serif;}}
\viewkind4\uc1\pard\lang2052\f0\fs20 Hi Mike,
\par
\par How are you doing?
\par
\par Have you got any further id ea on this issue or does the information in my last reply help you some?
\par
\par Sincerely,
\par
\par Steven Cheng
\par
\par Microsoft MSDN Online Support Lead
\par
\par
\par Delighting our customers is our #1 priority. We welcome your comments and suggestions about how we can improve the support we provide to you. Please feel free to let my manager know what you think of the level of service provided. You can send feedback directly to my manager at: msdnmg@xxxxxxxxxxxxxx
\par
\par ==================================================
\par Get notification to my posts through email? Please refer to http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.
\par
\par This posting is provided "AS IS" with no warranties, and confers no rights.
\par
\par
\par \pard\li720 --------------------
\par
\par From: stcheng@xxxxxxxxxxxxxxxxxxxx ("Steven Cheng")
\par Organization: Microsoft
\par Date: Mon, 03 Nov 2008 04:14:30 GMT
\par Subject: RE: Login to the WebService
\par
\par
\par Hi Mike,
\par
\par From your description, I understand you're encountering some problem get authentication to seup for an ASP.NET webservice application, correct?
\par
\par Based on the current settings and code snippet you mentioned, it seems you're trying to use FormsAuthentication and Membership Provider to perform user validation. As for forms authentication, I'd like to confirm the following things:
\par
\par 1. Forms authentication depend on cookies to maintain authentication cookie, therefore, if you use formsauthentication, you'll make your webservice coupled to ASP.NET web environment and require the client-side to support cookie. This is not recommended for standard webservice. Here is a web article which mentioned Forms Authentication and implement all the cookie related authentication ourselves:
\par
\par #Authentication in ASP.NET Web Services
\par http://progtutorials.tripod.com/Authen.htm
\par
\par Also, for ASP.NET webservice, there are many different kind of authentication approach avaliable, the most common is windows authentication(utilize the IIS webserver). And for custom authentication, you can consider using "SoapHeader" to carry authentication properties:
\par
\par #Authenticate .NET web service with custom SOAP Header
\par http://www.codeproject.com/KB/webservices/SOAPHeaderAuthentication.aspx
\par
\par #User Authentication in ASP.net Web Services
\par http://www.microsoft.com.nsatc.net/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.dotnet.framework.aspnet.webservices&tid=0d3a95ad-7405-4bfe-ade9-be80af42abee&cat=&lang=&cr=&sloc=&p=1
\par
\par Hope this helps some.
\par
\par Sincerely,
\par
\par Steven Cheng
\par
\par Microsoft MSDN Online Support Lead
\par
\par
\par Delighting our customers is our #1 priority. We welcome your comments and suggestions about how we can improve the support we provide to you. Please feel free to let my manager know what you think of the level of service provided. You can send feedback directly to my manager at: msdnmg@xxxxxxxxxxxxxx
\par
\par ==================================================
\par Get notification to my posts through email? Please refer to http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.
\par
\par Note: MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 2 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
\par ==================================================
\par This posting is provided "AS IS" with no warranties, and confers no rights.
\par
\par
\par
\par \pard\li1440 --------------------
\par From: "Mike Endys" <MikeEndy@xxxxxxxxxxxxx>
\par Subject: Login to the WebService
\par Date: Fri, 31 Oct 2008 11:53:57 +0100
\par
\par Hi all,
\par
\par have problem to use login to the web service. Im thinking about the web
\par service that provides datas and files to the WinForm Client. I want the
\par client log-in to the application... here is my not-working solution
\par
\par this is my web service, with the Forms authentication and working on
\par AspSqlMembershipProvider and with Role provider implemented too. It is
\par working well. I can create user, I can ValidateUser... But I would like,
\par that I once ValidateUser, then it will be validated and authenticated whole
\par time the Client application is opened. So I will able to call
\par TrySecured() Method. What is the best practice, to do it?
\par
\par In a few points:
\par
\par 1. Client App is a WinForm client
\par 2. Must provide Creating new user -> AspSqlMembershipProvider
\par 3. Must provide only once SignUp to the aplication over web service via
\par AspSqlMembershipProvider
\par 4. Some methods will be available only for authenticated users, or access to
\par the methods will be managed via Membership roles.
\par
\par public class UserAccountService : System.Web.Services.WebService
\par \{
\par
\par [WebMethod]
\par public bool Login(string userName, string password)
\par \{
\par bool retVal = Membership.ValidateUser(userName, password);
\par return retVal;
\par \}
\par
\par
\par [WebMethod]
\par public string GetCurrentUser()
\par \{
\par MembershipUser mUser = Membership.GetUser();
\par return mUser.UserName;
\par
\par \}
\par
\par
\par [WebMethod]
\par [PrincipalPermission(SecurityAction.Demand, Authenticated = true)]
\par public string TrySecured()
\par \{
\par return "Secured call successful";
\par \}
\par \}
\par
\par Thanks a lot for any ideas.
\par Mike
\par
\par \pard\li720
\par
\par \pard
\par
\par }

Relevant Pages

  • Re: a web service to log in to a image application server
    ... I don't know how it would be handled client side using PHP. ... You could also reuse a known authentication scheme. ... The image server is used to stored image documents requiring ... If I develop a web service to authenticate log in to ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • WSE 2.0 error: Requested registry access is not allowed
    ... authentication. ... either for web service and client. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • RE: Enabling HTTP Post to invoke web services
    ... Would the fact that the web service's authentication mode is set to Windows ... So to use the web service, ... I am using a POST, so I could disabled HTTP GET, and accoding to the article ... > Hello Mike, ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Security, WebServices
    ... We are implementing authentication and authorization in an n-tier ... created a security web service that wraps azman with a few methods such ... the client and the middle tier. ... Client sets credentials on and invokes BusinessLogicService ...
    (microsoft.public.dotnet.security)
  • Login to the WebService
    ... Im thinking about the web service that provides datas and files to the WinForm Client. ... with the Forms authentication and working on AspSqlMembershipProvider and with Role provider implemented too. ... public string GetCurrentUser() ...
    (microsoft.public.dotnet.framework.webservices)
Loading