search

yasser777 / nettiers

Automatically exported from code.google.com/p/nettiers
0 stars 0 forks source link

Patch: Webservice Authentication #24

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
This is my first contribution so forgive me if it's wrong or somehow not up
to par. I needed a way to secure the web services so that only an
authorized application could have access to the ASMX file. After exploring
several options I settled on just using Integrated Windows Authentication
(which doesn't pass the username and password in clear text.) in IIS to
protect the directory and having the web service client pass the
credentials. This means that the username and password that protect the
directory containing the ASMX file is embedded in the WebServiceClient
methods. This essentially becomes "application authentication" not user
authentication. For my needs user authentication will be something that
happens inside my application. This of course presents us with the problem
of having a username and password in the DLL, so obfuscation (or some other
such method) will probably be needed to make sure that the code can't be
de-compiled.

There are four new properties:

    * 1. PasswordProtectWebservice - Whether or not to password protect the
web service
    * 2. WebserviceUsername - The username to be used to access the web service
    * 3. WebservicePassword - The password to be used to access the web service
    * 4. WebserviceDomain - Optionally the domain to be used to access the
web service

If you choose to password protect the web service it not only embeds the
code so the proxy service is passed credentials but it also turns off
anonymous access on the virtual directory.

The patch can be found here
(http://community.codesmithtools.com/forums/t/8379.aspx).

What version of .netTiers and CodeSmith are you using?
2.2 rev 711

Please use labels and text to provide additional information.

Original issue reported on code.google.com by bniemyjski on 23 May 2008 at 1:00

GoogleCodeExporter commented 9 years ago

Original comment by beriniw...@hotmail.com on 1 Jun 2008 at 5:41

GoogleCodeExporter commented 9 years ago 
We just added Web.Security lately.  I was wondering if that could somehow be 
integrated with this, so we could have some sort of "Forms Authentication" with 
this.

Original comment by beriniw...@hotmail.com on 4 Jun 2008 at 12:55

GoogleCodeExporter commented 9 years ago

Original comment by bniemyjski on 28 Jul 2008 at 6:45

GoogleCodeExporter commented 9 years ago 
Could you also create and attach a patch file for the latest revision 781.

Original comment by bniemyjski on 30 Nov 2008 at 6:47

GoogleCodeExporter commented 9 years ago 
Could you look into this?

Original comment by bniemyjski on 8 Dec 2008 at 6:08

GoogleCodeExporter commented 9 years ago 
Was this comment for me directly? About the Web.security thing?

Original comment by ericalle...@gmail.com on 8 May 2009 at 3:46

GoogleCodeExporter commented 9 years ago

Original comment by bniemyjski on 25 May 2009 at 3:30