views:

47

answers:

1

I have a webservice that's behind form's authentication. The site that hosts the service also serves as a site that requires a user to log in via the login page.

I have a second site that needs to be able to access the service that the first site hosts. However, when attempting to access the service, it fails because the service requires that the user is logged in.

The first site is on a seperate server than the second site, but both sites are on the same subnet. Thus far the only way I have found to have the second site access the first sites service is to allow all users via a web.config setting specific to the directory that hosts the services .ASMX file. This is not acceptable because it leaves the door wide open to anyone who knows the .ASMX file directory.

I have attempted to mix and match windows authentication and use impersonation to access the web service, but according to microsoft, you cannot mix and match authentication types, and through personal trial, you can indeed not.

I'm looking for any helpful tips to help me accomplish this goal at a minimal reconfiguration of my two sites.

Thanks, George

+1  A: 

I implemented the solution by adding custom security to the headers on the SOAP packets. This allowed me to mix and match my security at a minimal reconfiguration to the service.

George
I was going to answer something similar.
Jeroen