Library tutorials & articles

Authentication for Web Services

By Bruce Johnson, published on 09 Mar 2003
Bruce Johnson I am the owner of a small application development consulting company that specialized in the design and implementation of Internet-based applications. While there are others who can make a web sit...
Page 4 of 6
  1. Introduction
  2. Operating System Options
  3. Third Party Choices
  4. Roll Your Own Authentication
  5. The Choices We Made
  6. Our Process Flow

Roll Your Own Authentication

When you take advantage of the authentication methods made available through the operating system or a third party, you get the benefit of using tools that have already been developed and tested. Okay, we're making an assumption about that tested part, but play along with me here. Still, even with these tools at our disposal, there are situations where more is required. If your application maintains is own user list or requires additional information above and beyond the user id and password, you are forced to create your own technique. And that is what we are faced with in our sample web service. Along with the user id and password, we need to gather a company identifier. In other words, none of the 'standard' techniques will be sufficient for our purposes, leaving us with no choice but to create our own authentication system.

Related tags

web services

Comments

  1. Seamus Barrett
    16 Jul 2007 at 18:25

    Hi,
        I have enjoyed reading the article so far and I have a quick question. Isn't the interception of the security token almost as useful to a hacker as the interception of the original credentials? If so (even marginally) then why is it neccessary to go to such lengths to hide the login name and password, but not the token? Couldn't a hacker keep the token alive by using it regularly, therefore avoiding any expiration? Would it be possible to explore these issues, in the scope of the article?

    Thanks,
    Seamus





  2. Developer Fusion Bot
    01 Jan 1999 at 00:00

    This thread is for discussions of Authentication for Web Services.

Leave a comment

Sign in or Join us (it's free).

AddThis

Related articles

Ask a question

Related discussion

Related podcasts

  • Java Posse #202 - Newscast for Aug 22nd 2008

    Newcast for August 22nd, 2008Fully formatted shownotes can always be found at http://javaposse.com Sadly, Java does not run on the Mars LanderThe Golden Gate Project http://research.sun.com/projects/goldengate/Space surveillance radar http://www.sun.com/aboutsun/pr/2008-04/sunflash Google has r...

Languages

Web Development

Frameworks & Architecture

Other major sections