locked
Using GUID with Web Services

    Question

  • Dear .Net Developers,
    Currently I'm working on a project that contains
    • A Windows Application that is written in VB.Net
    • An ASP.Net web site, that resides on a web server along with it's Microsoft Access Database
    • And an ASP.Net web service that connects the two; it resides on the web server along with the database, the windows app. requests information from the web service and the web service provides the information
    What I need to do is making the web service more secure; I thought of putting a password, and the windows application must provide the password everytime it calls a method in the web service. But a more "modern" way would be getting advantage of the Globalized Unique Identifier (GUID). It's so easy to generate from VB.Net and even from ASP.Net, but how can I use GUID to Authenticate that the web service is being called from my windows application and not from any other application?

    And is there any other way to reach my goal other than using GUID??

    Thanx a lot
    Tuesday, September 09, 2008 9:36 PM

All replies

  • A Guid is just a 128 bit number.  You could use a guid I guess as some sort of user id or authenication token that gets passed in the service calls.  Probably best not to implement you own stuff though.


    For authenication look at WS-Security and WSE

    WS-Security
    http://msdn.microsoft.com/en-us/library/ms951273.aspx

    WS-Security Drilldown in Web Services Enhancements 2.0
    http://msdn.microsoft.com/en-us/library/ms996952.aspx

    Also consider using certificates.  Please check out this kb article for instructions.

    How to call a Web service by using a client certificate for authentication in an ASP.NET Web application
    http://support.microsoft.com/kb/901183

    • Proposed as answer by edhickey Wednesday, September 24, 2008 6:01 PM
    Monday, September 15, 2008 12:52 AM
  • Please do not look at WSE. WSE is obsolete. Instead, look at WCF, which implements all the same WS-* standards as WSE.

    WCF has the advantage of not being an obsolete stopgap solution.
    John Saunders | Use File->New Project to create Web Service Projects
    Monday, September 15, 2008 1:26 AM