Authentication for Web Services - Our Process Flow

LACanadian

Our Process Flow

Now let's take a look at the details of how we implemented the authentication method just outlined. The code to create the databases and populate the tables with some sample data, along with the code for the Login method and the .aspx file used to test it, is in a .ZIP file accessed through the "Download Source Code" link above. The flow through the process is as follows:


Figure 1 - Authentication Process Flow

  1. The initial call to the web service is made through the Login method. The company code, user id and password are provided as parameters. For security reasons, this call will take place over SSL.
  2. The web service uses the Login method of the CLogin object to validate the credentials. The parameters to the method are the same as the initial call to Login. The result will be either a 33-character token or a blank string.
  3. The Login method invokes the stored procedure called prcValidateUser on the Token server. The result will be a recordset (or more accurately, a Data Reader) containing either a 33-character token or a blank string.
  4. The stored procedure prcValidateUser uses the information in the Company table to identify the server on which the company's database can be found and the name of the database itself. This information in turn is used to build the statement that gets executed on the remote server.
  5. Through the stored procedure called prcValidateUser that is in each company's database, we validate the credentials that have been provided.
  6. If a match has been found, a token is generated and returned up the chain. As mentioned in the previous section, we use a check digit as part of the process. The value of the token, along with the company and user associated with it, is stored in the Tokens table.
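The six steps above, as an added example written in Python with sqlite3 standing in for the article's ASP.NET and SQL Server code (this is not the code from the download). Assumed here: the 33-character token is a GUID's 32 hex digits plus one hex check digit computed as the digit sum mod 16, a Users table holding salted PBKDF2 hashes, and in-memory databases in place of the Token server and the per-company servers.

```python
import hashlib, secrets, sqlite3, uuid
HEX = "0123456789ABCDEF"

def check_digit(body):
    return HEX[sum(int(c, 16) for c in body) % 16]  # assumed scheme: digit sum mod 16

def generate_token():
    body = uuid.uuid4().hex.upper()      # 32 hex chars from a GUID ...
    return body + check_digit(body)      # ... plus the check digit = 33 characters

def token_is_well_formed(token):
    """Cheap rejection of mistyped or tampered tokens before any table lookup."""
    return (len(token) == 33 and all(c in HEX for c in token)
            and check_digit(token[:32]) == token[32])

def hash_password(password, salt):
    """Assumption: the company database stores a salted PBKDF2 hash, not the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100_000).hex()

# Token server: Company says which server/database holds each company; Tokens holds issued tokens.
token_server = sqlite3.connect(":memory:")
token_server.executescript("""
CREATE TABLE Company(CompanyCode TEXT PRIMARY KEY, ServerName TEXT, DatabaseName TEXT);
CREATE TABLE Tokens(Token TEXT PRIMARY KEY, CompanyCode TEXT, UserId TEXT);""")
token_server.execute("INSERT INTO Company VALUES ('ACME', 'SQL01', 'AcmeDB')")  # constructed sample

# Stand-in for the per-company databases that the token server reaches on remote servers.
company_dbs = {("SQL01", "AcmeDB"): sqlite3.connect(":memory:")}
salt = secrets.token_hex(8)
company_dbs[("SQL01", "AcmeDB")].execute(
    "CREATE TABLE Users(UserId TEXT PRIMARY KEY, Salt TEXT, PasswordHash TEXT)")
company_dbs[("SQL01", "AcmeDB")].execute("INSERT INTO Users VALUES (?, ?, ?)",
    ("alice", salt, hash_password("correct horse", salt)))  # constructed sample user

def prc_validate_user_remote(db, user_id, password):
    """Step 5: the company database's prcValidateUser. Parameterised, never string-built."""
    row = db.execute("SELECT Salt, PasswordHash FROM Users WHERE UserId = ?", (user_id,)).fetchone()
    return row is not None and secrets.compare_digest(row[1], hash_password(password, row[0]))

def login(company_code, user_id, password):
    """Steps 2-6: returns the 33-character token on success, '' on any failure."""
    row = token_server.execute(
        "SELECT ServerName, DatabaseName FROM Company WHERE CompanyCode = ?", (company_code,)).fetchone()
    db = company_dbs.get(tuple(row)) if row else None  # step 4: route by lookup, not by concatenation
    if db is None or not prc_validate_user_remote(db, user_id, password):
        return ""  # unknown company and bad credentials look the same to the caller
    token = generate_token()
    token_server.execute("INSERT INTO Tokens VALUES (?, ?, ?)", (token, company_code, user_id))
    return token
```

Step 4 of the article builds the statement for the remote server from values read out of the Company table; in the real stored procedures the thing to verify is that those server and database names are validated and the remote call is parameterised, since the example replaces that string-building with a plain lookup.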

At this point, we have the security token that we need to make the rest of the functions work. You will see it put to use in future articles. In the next segment, we will discuss the technique that we use to support the authorization portion of the server. As always, any suggestions or improvements are greatly appreciated. Keep those cards and letters coming. :)

I am the owner of a small application development consulting company that specializes in the design and implementation of Internet-based applications. While there are others who can make a web site look good, our expertise is in making the site function. This includes infrastructure design, database design and administration, software development and deployment. For the most part, we utilize Microsoft-based languages and tools. And we are skilled enough to have generated two patent applications for our clients.
