Web Service Authentication...

(OP)
Hi guys

I have been tasked with setting up a fairly simple web service for a client, written in C#, in which I need to add some form of security, as it will be on an HTTPS link but accessible by the world. My C# knowledge is limited so I am looking for as simple a solution as possible.

My thought is to have the username/password stored in the web.config file, which is then used to check against what is passed on the call to a method in the web service. Should be simple enough (I guess!) but my Googling has turned up a large number of different solutions, with some people saying not to use them etc, so it has left me confused.

Could anyone point me to a tutorial of an accepted technique, that's simple to implement both from my end and the client's end (I have no idea what their front end will be).

Many thanks

I like work. It fascinates me. I can sit and look at it for hours...

RE: Web Service Authentication...

Have you considered setting it up to use Active Directory? If they are running it on Windows Server anyway they likely have Active Directory available to them. And then if they are using the domain controller on the work computers, they now only have to have one set of credentials. It's nice. You can also set it so that if they are logged into the domain, the web application already knows who they are when they go to access the page, which is even nicer (though... there can be some security considerations with that if you have users who leave their computers logged in on a regular basis).

RE: Web Service Authentication...

(OP)
Sounds like a nice solution! It might be a bit overkill at this stage for my needs but well worth a look :)

Thanks

I like work. It fascinates me. I can sit and look at it for hours...

RE: Web Service Authentication...

You could also go the traditional web route where you have a database behind the scenes which you use to store information. And then you can just MD5 hash the passwords; when they try to log in, take the password they enter, MD5 hash that, compare with the database, and if it matches, set a cookie with a session number in it which you can then track in the database. Most PHP websites use this method; they also tend to create a randomly generated (for the server, not per use) 'salt' that they throw onto the passwords before they hash them, just to make things a little bit more confusing. If someone compromises your database it makes it a bit harder for them to be jamming in reset passwords if they can't access the file with the salt setting in it.

To be honest, I'm not sure of ASP.NET best practice for this, given that most of the websites I have designed were all done in PHP or RoR. I only really use C# for Windows Forms and console applications/services.
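
The hash, compare and session-token flow from the post above, as an added C# example that is not part of the original thread. It swaps the post's MD5 with a server-wide salt for PBKDF2-HMAC-SHA256 with a per-user salt, assumes .NET 6 or later, and uses in-memory dictionaries in place of the database; `AuthStore`, `UserRow` and the method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

static class AuthStore
{
    const int Iterations = 210_000;          // assumed work factor; tune for your hardware
    const int SaltBytes = 16, HashBytes = 32;

    // Hypothetical rows; the dictionaries stand in for database tables.
    record UserRow(byte[] Salt, int Iterations, byte[] Hash);
    static readonly Dictionary<string, UserRow> Users = new();
    static readonly Dictionary<string, string> Sessions = new();   // token -> username

    public static void Register(string user, string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);   // fresh salt per user
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        Users[user] = new UserRow(salt, Iterations, hash);          // plaintext is never stored
    }

    // Returns a random session token on success, null on any failure.
    public static string? Login(string user, string password)
    {
        if (!Users.TryGetValue(user, out var row)) return null;
        byte[] candidate = Rfc2898DeriveBytes.Pbkdf2(
            password, row.Salt, row.Iterations, HashAlgorithmName.SHA256, HashBytes);
        // Constant-time comparison so timing does not leak how many bytes matched.
        if (!CryptographicOperations.FixedTimeEquals(candidate, row.Hash)) return null;
        string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        Sessions[token] = user;   // send the token in a Secure, HttpOnly cookie over HTTPS
        return token;
    }

    public static string? UserForSession(string token) =>
        Sessions.TryGetValue(token, out var user) ? user : null;
}

static class Program
{
    static void Main()
    {
        // Constructed sample credentials.
        AuthStore.Register("alice", "correct horse battery staple");
        Console.WriteLine(AuthStore.Login("alice", "wrong guess") is null);
        string? token = AuthStore.Login("alice", "correct horse battery staple");
        Console.WriteLine(token is not null && AuthStore.UserForSession(token) == "alice");
    }
}
```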

RE: Web Service Authentication...

(OP)
Thanks Moregelen, I have a fair bit to look into now :) I think the 'traditional' route will be the way to go with this solution, so I will look more into that.

Many thanks for your time :)

I like work. It fascinates me. I can sit and look at it for hours...
