
dotnet xml : Web Service Security


James
4/7/2004 6:16:02 PM
I'm currently using a basic web service for my Windows and web clients to access a Microsoft Access database on the web server. All works fine, but I'm worried about security. Without any precautions, anyone could use the web service to access or even modify information in the database. This, obviously, is not too good, so currently I've set a database password on the MS Access file. The trouble is, since web services are stateless the password has to be sent with every function call. This is bloody annoying, but more importantly it means that I'm sending a plain-text password across the internet the whole time.

v-schang NO[at]SPAM online.microsoft.com
4/8/2004 8:00:39 AM
Hi,

From your description, you expose an Access database via a web service
(ASP.NET web service?) and currently you use a customized security
mechanism (providing the user credential in every member function of the
web service), and you feel it is no good and wonder about some better means to
implement security on the web service, yes?

As for this problem, here are my suggestions:
In ASP.NET web services, we have two main means to implement authentication
security:
1. Using the built-in security mechanism of the ASP.NET web application,
such as Windows authentication. This means is very useful when the client
machine (the web service's caller) and the server machine are in the same domain
or local intranet. Then we can force the client to provide the domain
account when calling the web service. Also, this needs to make use of IIS's
built-in authentication mechanism (Basic or Integrated Windows). For a
detailed description, you may view the following guide and references:
#Securing XML Web Services Created Using ASP.NET
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconSecuringASPNETWebServices.asp?frame=true

#Security and XML Web services
http://www.aspng.com/quickstart/aspplus/doc/secureservices.aspx

2. Provide custom authentication info in the web service's SOAP header. This
means needs us to define some custom SOAP headers which represent the
client's credential info, and we can determine whether the caller is
authenticated on the server side via these custom headers. Different from
setting credentials in every function call as I mentioned at the beginning, such a
SoapHeader can be set only once on the client proxy class and then all the
subsequent calls on the web service will contain the headers. For more
detailed info on the related topic, please refer to the following
web links (the links above have also mentioned this means):

#Using SOAP Headers
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconUsingSOAPHeaders.asp?frame=true

#Customizing SOAP Messages
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconcustomizingsoapinaspnetwebserviceswebserviceclients.asp?frame=true

#Webservicessamples.exe Contains ASP.NET Web Services Samples
http://support.microsoft.com/?id=320438

Furthermore, if you are interested, you may have a look at
WSE (Microsoft Web Services Enhancements), which provides more and stronger
features for building reliable and stronger XML web services:

#WS-Security Authentication and Digital Signatures with Web Services
Enhancements
http://msdn.microsoft.com/library/en-us/dnwse/html/wssecauthwse.asp?frame=true

#Using Role-Based Security with Web Services Enhancements 2.0
http://msdn.microsoft.com/library/en-us/dnwse/html/wserolebasedsec.asp?frame=true

Hope this helps. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx
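The custom SOAP header approach from option 2 above, as an added example written for this page (it is not code from the thread or from the linked MSDN articles): a header class, a web method that refuses calls without a valid header, and the one-time header assignment on the client proxy. The Access database password stays in web.config on the server and never travels with the request; the caller instead authenticates with its own account, of which only a salted hash is kept server-side. The names `DataService`, `AuthHeader`, `GetRecord`, the `AccessConnectionString` app setting, the `Customers` table and the sample user entry are all assumptions for illustration. Note that a SOAP header is still plain text on the wire, so the endpoint must be served over HTTPS (or secured with WS-Security as in the WSE links) for this to be an improvement over the original approach.

```csharp
using System;
using System.Configuration;
using System.Data.OleDb;
using System.Security.Cryptography;
using System.Text;
using System.Web.Services;
using System.Web.Services.Protocols;

// Custom SOAP header carrying the caller's credentials (hypothetical names).
public class AuthHeader : SoapHeader
{
    public string Username;
    public string Password;
}

[WebService(Namespace = "http://example.invalid/dataservice/")]
public class DataService : WebService
{
    // ASP.NET deserializes the incoming <AuthHeader> element into this field.
    public AuthHeader Credentials;

    // Constructed sample user store: username, hex salt, hex SHA-256(salt + password).
    // A real deployment would keep this in a table or in web.config, never in code.
    private static readonly string[,] Users = {
        { "james", "a1b2c3d4", Hex(Sha256("a1b2c3d4", "correct horse")) }
    };

    [WebMethod]
    [SoapHeader("Credentials", Direction = SoapHeaderDirection.In, Required = true)]
    public string GetRecord(int id)
    {
        Authenticate();

        // The Access database password lives in web.config on the server
        // (assumed appSettings key "AccessConnectionString"); it never crosses the wire.
        string connStr = ConfigurationSettings.AppSettings["AccessConnectionString"];
        using (OleDbConnection conn = new OleDbConnection(connStr))
        {
            // Parameterized query: the caller-supplied id is never concatenated into SQL.
            OleDbCommand cmd = new OleDbCommand("SELECT Name FROM Customers WHERE Id = ?", conn);
            cmd.Parameters.Add("@Id", OleDbType.Integer).Value = id;
            conn.Open();
            object result = cmd.ExecuteScalar();
            return result == null ? null : result.ToString();
        }
    }

    private void Authenticate()
    {
        if (Credentials == null || Credentials.Username == null || Credentials.Password == null)
            throw new SoapHeaderException("Missing credentials", SoapException.ClientFaultCode);

        for (int i = 0; i < Users.GetLength(0); i++)
        {
            if (Users[i, 0] != Credentials.Username) continue;
            string presented = Hex(Sha256(Users[i, 1], Credentials.Password));
            if (ConstantTimeEquals(presented, Users[i, 2]))
                return;
            break;
        }
        // Same fault for unknown user and wrong password, so the response leaks neither.
        throw new SoapHeaderException("Invalid credentials", SoapException.ClientFaultCode);
    }

    private static byte[] Sha256(string saltHex, string password)
    {
        return new SHA256Managed().ComputeHash(Encoding.UTF8.GetBytes(saltHex + password));
    }

    private static string Hex(byte[] b)
    {
        return BitConverter.ToString(b).Replace("-", "").ToLower();
    }

    // Compares the full length regardless of where the first mismatch is.
    private static bool ConstantTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

// Client side. This lives in the client project, where wsdl.exe has generated
// proxy classes named DataService and AuthHeader from the service's WSDL; the
// #if keeps it out of the server build where those names are the real classes.
#if CLIENT_PROJECT
public class ClientExample
{
    public static string Fetch(int id)
    {
        DataService proxy = new DataService();
        proxy.Url = "https://www.example.invalid/DataService.asmx"; // HTTPS, or the header is readable in transit
        proxy.AuthHeaderValue = new AuthHeader();   // wsdl.exe names the field <HeaderClass>Value
        proxy.AuthHeaderValue.Username = "james";
        proxy.AuthHeaderValue.Password = "correct horse";
        // The header is assigned once; every later call on this proxy carries it.
        return proxy.GetRecord(id);
    }
}
#endif
```

Two points worth checking in a real deployment: `Required = true` only makes ASP.NET reject requests that omit the header element, so the `Authenticate()` call still has to run in every method that touches the database, and a client that reuses one proxy object gets the one-time assignment the reply describes while the credential is still transmitted on each request, which is why the transport has to be encrypted.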


v-schang NO[at]SPAM online.microsoft.com
4/13/2004 12:51:48 AM
Hi,

Have you had a chance to check out the suggestions in my last reply, or have
you got any further ideas on this issue? If there is anything unclear or if
there's anything else we can help with, please feel free to post here. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

