发表新帖
发表新帖

Is it possible to secure a web service with Forms Authentication?

前端 未结
关注
4 619
忘了有多久
忘了有多久 2021-01-05 12:30

We are looking to secure a bunch of ASP.Net 2.0 .asmx web services. The which will host the web services is already forms authenticated.
Is it possible to secure the

相关标签:
4条回答
  • 梦毁少年i
    2021-01-05 12:47

    The thing with form authentication is that its designed for people, where as a web service is designed to be consumed by a client application. While it is possible to do the authentication like this, it's the wrong way of thinking.

    The level of security needed obviously depends upon the sensitivity of data that you're working with, but I'm going to assume its at least somewhat sensitive (but less than bank transactions). You could perhaps use SSL and passing a username and password as jle suggested, while I was typing this, or you could require an api key much like flickr does.

    Another more secure option is to only pass the username and password once (and with the security of ssl) and have that give out a token that is valid for a period of time. This has the benefit of protecting the password information, and avoiding the constant overhead of ssl.

    As mentioned though, it highly depends on HOW sensitive the information is that you're trying to secure.

    0 讨论(0)
  • 北海茫月
    2021-01-05 12:47

    It is possible, but you will need to redirect users to a login page. Another option for passing username/pw is to use the web service over ssl. If you encrypt the connection, basic authentication can be used no problem.

    0 讨论(0)
  • 不知归路
    2021-01-05 13:07

    You should be able to use WSE to secure your service using forms authentication - though personally I've never had to do it.

    Here are some resources using WSE:

    • http://aleemkhan.wordpress.com/2007/09/18/using-wse-30-for-web-service-authentication/
    • http://msdn.microsoft.com/en-us/library/aa480575.aspx

    To not use WSE you'd need to implement something like this as some of the other presponders have alluded to, though I'm not sure how reliable it would be:

    • http://www.dotnetbips.com/articles/dbd724e9-78f0-4a05-adfb-190d151103b2.aspx
    0 讨论(0)
  • 醉话见心
    2021-01-05 13:10

    WSE is obsolete. Do not use it unless you have no choice at all.

    Almost all the functions of WSE are implemented better by WCF. The remaining capabilities, those not implemented by WCF, are obsolete themselves (DIME, for instance).

    0 讨论(0)
 看不清?
提交回复
热议问题