How do I configure .NET webservice to require all consumers to supply credentials, then verify their validity against database table?
A:
Lots of ways to do this.
Have a look at the SoapHeader class for one - there is a sample here.
Chris Diver
2010-07-13 14:02:10
A:
Adam
2010-07-13 14:04:00
+2
A:
If you're using class ASP.NET ASMX Web Services, I would suggest you download Microsoft's Web Service Enhancements 3.0. That will enable you to properly support WS-Security.
You could also use custom SOAP Headers, but that method doesn't conform to WS-Security standards and could cause interoperability problems if you're consuming the services from a non-.NET platform.
If you're using WCF, you just need to configure your binding to use the proper type of security. Take a look at Bindings and Security. It's a broad overview and you'll have to dig a little deeper to get the specifics for your type of binding.
Justin Niessner
2010-07-13 14:04:51
Isn't WSE 3.0 just for .NET 2.0?
Sphynx
2010-07-13 14:09:47
SOAP headers not supported on other platforms other than .NET, are you sure???
Chris Diver
2010-07-13 14:11:49
@Chris Diver - They may be supported, but they don't conform to the standard for Web Service Interop so it's not guaranteed.
Justin Niessner
2010-07-13 14:18:08
@Justin - but they conform to the standard of SOAP web services.
Chris Diver
2010-07-13 14:24:57
@Sphynx - WSE 3.0 is only supported for Visual Studio 2005, correct. If you're using Visual Studio 2008, Microsoft advocates migrating to WCF if you need the added functionality.
Justin Niessner
2010-07-13 14:27:18
Thanks Justin, I've switched to WCF.
Sphynx
2010-07-14 09:13:36
A:
Looks as if you could do worse than read:
http://progtutorials.tripod.com/Authen.htm
"Forms Authentication".
PolicyWatcher
2010-07-13 14:08:53