I created a web service that I want to make more secure by using forms authentication. I added the following code:
```csharp
[WebMethod(Description = "Login function returns true for success and false for fail.", EnableSession = true)]
public bool Login(string Username, string Password)
{
    return User.Validate(Username, Password);
}
```
My User.Validate function does all the authentication and works fine but I am not sure if it is secure passing the username and password to the web service. Is this any less secure than when a username and password field are submitted through a normal web form without SSL?
Your web method is no less secure than a normal web form without SSL. Both are basic POST entries (you could make them GETs, but POST is most likely) that send their payload contents (Username, Password) in clear text.
Just a comment: not certain about your strategy of making your web service more secure by adding an authentication method that returns a simple boolean. Most authentication schemes will require the use of a session or authentication token that must be carried around by the client. In a web browser, this is automatic through cookies and such; it requires active management for most clients consuming a web service.
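An added example, not code from either poster, of the two points in the answer above: the login call hands the client a forms-authentication cookie instead of only a boolean, and every call refuses plain HTTP. The class name `AccountService`, the method `GetAccountSummary` and the web.config settings named in the comments are assumptions; `User.Validate` is the asker's own function and is not defined here.

```csharp
using System.Web;
using System.Web.Security;
using System.Web.Services;
// Assumes <authentication mode="Forms"> with <forms requireSSL="true" /> in web.config.
// AccountService and GetAccountSummary are hypothetical; User.Validate is the asker's.
[WebService(Namespace = "http://example.invalid/")]
public class AccountService
{
    [WebMethod(Description = "Validates credentials and issues a forms-authentication cookie.")]
    public bool Login(string username, string password)
    {
        RequireTls();
        if (!User.Validate(username, password))
            return false;
        // Adds the encrypted, signed ticket cookie; the client must return it on later calls.
        FormsAuthentication.SetAuthCookie(username, false);
        return true;
    }

    [WebMethod(Description = "Protected operation: only works with a valid ticket.")]
    public string GetAccountSummary()
    {
        RequireTls();
        RequireAuthenticatedCaller();
        return "Summary for " + HttpContext.Current.User.Identity.Name;
    }

    [WebMethod(Description = "Removes the forms-authentication cookie.")]
    public void Logout()
    {
        FormsAuthentication.SignOut();
    }

    // Refuse plain-HTTP requests so credentials and tickets are not accepted in clear text.
    private static void RequireTls()
    {
        if (!HttpContext.Current.Request.IsSecureConnection)
            throw new HttpException(403, "HTTPS is required.");
    }

    // The forms-authentication module sets User from the cookie before the method runs.
    private static void RequireAuthenticatedCaller()
    {
        var user = HttpContext.Current.User;
        if (user == null || !user.Identity.IsAuthenticated)
            throw new HttpException(401, "Call Login first.");
    }
}
```

A non-browser client has to keep the cookie itself, for example by assigning a `System.Net.CookieContainer` to the generated proxy's `CookieContainer` property before calling `Login`.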