I’m working on a web-app using ASP.NET Membership Provieder to implement authentication and roles for each user.
Now I need to create a web service to provide some asynchronous functionalities and I need to call web-methods from several pages in my application. But I’ve noticed that Web Service is accessible also from non-authenticated users setting the url in the address bar of the browser.
Is there a way to apply Membership Provieder rules also to web-methods, or do I have to implement authentication system for every method?
You should probably not be exposing the web service to the public. It should reside inside your internal network. If you need to expose it to the public then you need to secure it the same way you do with your web application. You could also use Forms Authentication in your web service methods. Depending on the technology you used to implement your service with there might be various ways to achieve that. Basically all your web method calls would require a valid forms authentication cookie to be sent along with each request in order to authenticate the user.