Dear .Net Developers,Currently I'm working on a project that contains
What I need to do is making the web service more secure; I thought of putting a password, and the windows application must provide the password everytime it calls a method in the web service. But a more "modern" way would be getting advantage of the Globalized Unique Identifier (GUID). It's so easy to generate from VB.Net and even from ASP.Net, but how can I use GUID to Authenticate that the web service is being called from my windows application and not from any other application?And is there any other way to reach my goal other than using GUID??Thanx a lotTuesday, September 09, 2008 9:36 PM
- A Windows Application that is written in VB.Net
- An ASP.Net web site, that resides on a web server along with it's Microsoft Access Database
- And an ASP.Net web service that connects the two; it resides on the web server along with the database, the windows app. requests information from the web service and the web service provides the information
A Guid is just a 128 bit number. You could use a guid I guess as some sort of user id or authenication token that gets passed in the service calls. Probably best not to implement you own stuff though.
For authenication look at WS-Security and WSE
WS-Security Drilldown in Web Services Enhancements 2.0
Also consider using certificates. Please check out this kb article for instructions.
How to call a Web service by using a client certificate for authentication in an ASP.NET Web application
Monday, September 15, 2008 12:52 AM
- Proposed as answer by edhickey Wednesday, September 24, 2008 6:01 PM
Please do not look at WSE. WSE is obsolete. Instead, look at WCF, which implements all the same WS-* standards as WSE.
WCF has the advantage of not being an obsolete stopgap solution.
John Saunders | Use File->New Project to create Web Service ProjectsMonday, September 15, 2008 1:26 AMModerator