Securing Web Services

M

MikeHildner

Newcomer
Joined
Jun 29, 2004
Messages
11
Location
Angel Fire, NM
I'm a newbie when it comes to web apps. Have created some web services, with methods like InsertLogon. Obviously I don't want everyone to be able to access this method. Is there any type of session for web services? I'm thinking I might have to create a sesson variable and pass that back and forth as part of the web service.

Any insight appreciated.

Mike
 
Although sessions can be used with web services these can seriously impact scalability. If you need to provide authentication you may better off looking at using either something like x509 certifactes or possibly WS-Security which can be obtained as part of WSE 2 from MS.
Plus a related article or two on the subject can be found here
 
Thanks, PlausiblyDamp, I'll do some reading. I was wondering if my design was just bad. Umm.... do you think it is? What I'm trying to do is have the web service as a business layer (if that's the correct terminology) so I can call from a Windows Forms app or a web app. If I ever sell it, it will be running in an intranet, but right now the demo will be hosted on Brinkster.

Thanks,
Mike
 
Back
Top