Members

» Login
» Register (Free)
» Member Benefits
» Submit Resource

Technology Zones

» .NET Framework
(Quickstart)
» ASP
» ASP.NET
» C / C++ / MFC
» C# Programming
» Java
» JavaScript
» PHP
» Databases & SQL
» Visual Basic
» VB.NET
» XML
» More...

IBM Learning Center

» How to use the Scrum project management method with IBM Rational Team Concert and the Jazz platform.
» Writing Good Software Systems Development Use Cases.
» Best practices for software analysis
» The Business Benefits of Enterprise Mashups

Articles

» The .NET Framework & Protecting your Code
» Number Systems
» Uploading Files with ASP
» Visual Studio Next Generation: Language Enhancements
» How to NNTP in C#

Hosted By

Info

» Partners
» Advertise
» About Us
» Link To Us
» Privacy Policy
» Contact Us

Rated
Read 38,686 times

1 comments

Downloads

Download.zip

Related Categories

Authentication for Web Services - Introduction

AuthorLACanadian

Introduction

Consider authentication of your web service to be like a door on your house. It needs to be wide enough to allow people to enter, but only if they've knocked first. Getting away from the cutesy analogies, authentication is the process of making sure that the person who is asking to use the web service is really the person that they claim to be. This is done by requiring the user (also known as the "principal") to provide a set of credentials. In return, they will receive a security token that can be used to access the server.

The credentials usually take the form of a user id and password. However, what is really required is everything necessary to uniquely identify the user. For example, in our sample web service, we require that a company code be supplied along with the user id and password. The reason for this additional information is that the data we use to rate a shipment is different for each company.
On the other hand, the security token that is returned is usually more conceptual than physical. It can take the form of a cookie placed on their browser, a session id stored on the serveror an actual string of characters. For our application, we are using a 33-character character string. The reason for our choice will be detailed later in this article. And before we get to that, let's look at the tools that are available to assist with the authentication process.

Operating System Options »

I am the owner of a small application development consulting company that specialized in the design and implementation of Internet-based applications. While there are others who can make a web site look good, our expertise is in making the site function. This includes infrastructure design, database design and administration, software development and deployment. For the most part, we utilize Microsoft-based languages and tools. And we are skilled enough to have generated two patent applications for our clients.

Comments

Read Comments | Post Comment

Re: [3451] Authentication for Web Services

Posted by barrettseamus@hotmail.com on 16 Jul 2007

Hi,
I have enjoyed reading the article so far and I have a quick question. Isn't the interception of the security token almost as useful to a hacker as the interception of the or...

Search

Code Samples

» Optional Arguments in JScript
» Loading Huge Files
» Boot RegKey API
» Messenger Client Coding
» Read text files into ADO recordsets

New Members

» vimlendu kumar in India
» MK in Israel
» CK in Belgium
» Harold Brown in United States
» arockia in India
» chinnaraju in India