Technically you can leverage IIS to do this type of authentication for you, but it's always going to map to a Windows user. ASP.NET doesn't provide intrinsic support for Basic, Digest or SSL v3. The remainder of the security protocols are going to require a little more work. If you choose Windows security, it's as easy as adding the following element to the element we started with in Step #1: Now, which option you select for security dictates what else needs to be done.
For the ultimate you can go with SSL v3 where you issue a specific client certificate to each user of your API. The next step up from that is Digest authentication which doesn't require SSL because the username/password are sent using an MD5 hash. The simplest of those is Basic Authentication, but you should only use this over SSL since the username/password are not encrypted (only base64 encoded).
However, if your services are being accessed over the internet then Windows authenticatio is not really an option and you need to choose from a web standard. If you're on an intranet and are using Windows authentication I would highly suggest leveraging that because it's truly the simplest option to get setup. You need to pick the approach that's the right fit for you. There are several ways to do this and several authentication standards you could leverage. You need to decide how you're actually going to authenticate users. Assuming it's a single ASMX file you can simply do the following in your web.config: configĪpply a tag for the resources you want secured. Well, since it's ASMX you have the entire ASP.NET runtime stack at your disposal.
0 kommentar(er)
