Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Hi I am going to do a web service. Now our customers are going to be able to call the method from their interface. I been thinking what I should do for authentication, I been reading and can not really decide. I want to pass username and password to the method.
Do you got any advice?
Common authentication schemes are well-defined and, while not perfect, are known entities. The worst thing you can do is “roll your own” in security.
I assume by your comment “pass username and password to the method”, you mean you would like to have access to the credentials used to access your web service. This is fine, but don’t pass credentials as parameters to your method.
Based on your description, basic authentication over SSL should provide you sufficient protection for your application. This would work in a non-trusted environment (i.e. across unknown networks) and should be easy enough to implement on the client-side.