Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
We are looking to secure a bunch of ASP.Net 2.0 .asmx web services. The which will host the web services is already forms authenticated.
Is it possible to secure the web services using forms authentication? What are the pros and cons and other possible ways to achieve this. We certainly don’t want to pass a username/pwd or token in each web method call.
The thing with form authentication is that its designed for people, where as a web service is designed to be consumed by a client application. While it is possible to do the authentication like this, it’s the wrong way of thinking.
The level of security needed obviously depends upon the sensitivity of data that you’re working with, but I’m going to assume its at least somewhat sensitive (but less than bank transactions). You could perhaps use SSL and passing a username and password as jle suggested, while I was typing this, or you could require an api key much like flickr does.
Another more secure option is to only pass the username and password once (and with the security of ssl) and have that give out a token that is valid for a period of time. This has the benefit of protecting the password information, and avoiding the constant overhead of ssl.
As mentioned though, it highly depends on HOW sensitive the information is that you’re trying to secure.