locked
ASMX and ASP.NET Authentication RRS feed

  • Question

  • User590003789 posted

    Hi,

    I have a set of Web Services that is called by jquery in ASP.NET pages. They are only used from these pages (which are basically HTML pages except that they share a master page).

    The site is protected by Windows Authentication and only users with the correct roles are allowed access.

    Does the protection that works for the ASPX pages also protect the ASMX pages or will any user be able to access the Web Services?

    TIA

    Soren

    Thursday, January 24, 2013 8:54 AM

All replies

  • User-1662538993 posted

    I think so form authentication does not secure web service.

    You have to have some authentication for web service like passing username/pwd in order to access the methods or pass some kind of security token.

    Thursday, January 24, 2013 10:36 AM
  • User590003789 posted

    Hi, thanks for your input.

    These web services can operate on the Session object and thus is called in a session context, so I would have thought so.

    I assume that web services implemented as page methods are protected then?

    I have not marked your input as answer, since you express some uncertainty and it is important for me to get a clear answer :)

    Friday, January 25, 2013 4:02 AM