I need to implement UserName authentication for my web service.

Currently I am considering these two approaches

  1. SOAPHeader: http://www.codeproject.com/KB/cpp/authforwebservices.aspx
  2. UserNameToken: WSE 3.0: http://msdn.microsoft.com/en-us/library/aa480575.aspx

Can anyone tell me the pros and cons of these approaches?

One of my major doubts is regarding the client being able to consume the service. The client is using Java; would it be possible for them to pass a UserNameToken implemented using WSE, or are there any integration issues?

EDIT: Also please suggest if there are any better ways (ASMX Services) to implement UserName/Password authentication.

+2  A: 

Why not use HTTP basic access authentication?

cheers

Marcin
Thanks Marcin. I have seen this before but never thought of this as an option. Do you have any more info on a comparison with SOAP, or a few pros and cons? Thanks.
noob.spt
+2  A: 

I would like to warn you against using WSE 3.0. Unless you are involved in a large enterprise federated system, stay well clear. It's way too much, overly complicated and we are still trying to rid it from one of our major systems.

If you just need to use username authentication then use the soap header approach.

MSDN Link: Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication

Chris Arnold
Thanks Chris. Could you provide some more info on the issues you faced while using WSE 3.0? So far what I have heard is that it's easy to implement services (esp. security) using WSE. I have never used it though.
noob.spt
Firstly, you need to install the libraries on all your dev machines and host servers. It adds an overhead to all your web references (if you're using VS) as it creates 2 proxy classes for every service. It can work well and is, certainly, extremely powerful - but do you need it? Transport-level security (SSL) in combination with simple username tokens will give you what you need. The biggest problem, we found, was if something went wrong. The xml configuration files are very "fragile" and rely on the server and client agreeing absolutely. Debugging exceptions is an absolute nightmare.
Chris Arnold
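
The SOAP header approach from the answer above, combined with the transport-level SSL mentioned in its last comment, as an added example that is not code from any poster in this thread. `AuthHeader`, `DemoService`, `Ping`, the namespace and the demo account are hypothetical names and constructed values; a real service would load the salt and hash from its own user store.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web.Services;
using System.Web.Services.Protocols;

// Hypothetical header type: carries the caller's credentials in the SOAP header.
public class AuthHeader : SoapHeader
{
    public string UserName, Password;
}

[WebService(Namespace = "http://example.com/demo")] // placeholder namespace
public class DemoService : WebService
{
    // Constructed demo account; a real service reads salt and hash from its user store.
    private const string DemoUser = "demo";
    private static readonly byte[] Salt = Encoding.ASCII.GetBytes("constructed-salt");
    private static readonly byte[] StoredHash = Derive("constructed-password");

    public AuthHeader Credentials; // populated by ASMX from the request's AuthHeader

    [WebMethod]
    [SoapHeader("Credentials")]
    public string Ping()
    {
        // The password travels in clear text inside the envelope, so insist on SSL.
        if (!Context.Request.IsSecureConnection)
            throw new SoapException("HTTPS required", SoapException.ClientFaultCode);
        if (Credentials == null || Credentials.UserName == null || Credentials.Password == null
            || !Verify(Credentials.UserName, Credentials.Password))
            throw new SoapException("Authentication failed", SoapException.ClientFaultCode);
        return "pong";
    }

    // PBKDF2 over the password, so only a salted hash is kept server-side.
    private static byte[] Derive(string password)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, Salt, 100000))
            return kdf.GetBytes(32);
    }

    // Always derives the hash and compares every byte of it, whatever the user name.
    private static bool Verify(string user, string password)
    {
        byte[] candidate = Derive(password);
        int diff = 0;
        for (int i = 0; i < StoredHash.Length; i++) diff |= candidate[i] ^ StoredHash[i];
        return diff == 0 & user == DemoUser;
    }
}
```

ASMX describes the header in the service's WSDL, so a non-.NET client sends it as an ordinary element inside `soap:Header`.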