Is it possible to secure a web service with Forms Authentication?

We are looking to secure a bunch of ASP.Net 2.0 .asmx web services. The site which will host the web services is already forms authenticated.
Is it possible to secure the web services using forms authentication? What are the pros and cons, and what other possible ways are there to achieve this? We certainly don't want to pass a username/pwd or token in each web method call.

SharePoint Newbie asked Feb 17 '09 05:02


1 Answer

The thing with form authentication is that it's designed for people, whereas a web service is designed to be consumed by a client application. While it is possible to do the authentication like this, it's the wrong way of thinking.

The level of security needed obviously depends upon the sensitivity of the data that you're working with, but I'm going to assume it's at least somewhat sensitive (but less than bank transactions). You could perhaps use SSL and pass a username and password, as jle suggested while I was typing this, or you could require an API key much like Flickr does.

Another more secure option is to only pass the username and password once (and with the security of SSL) and have that give out a token that is valid for a period of time. This has the benefit of protecting the password information, and avoiding the constant overhead of SSL.

As mentioned though, it highly depends on HOW sensitive the information is that you're trying to secure.

Luke Chadwick answered Sep 27 '22 21:09
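The token approach from the answer above, as an added illustration that is not part of the original post and not ASP.NET or .asmx code: the client sends its credentials once (over SSL), receives a time-limited token signed with a server-side HMAC key, and every later web method call is checked against that token rather than against the password. The server secret, the salted credential store and the balance data are constructed sample values; the function names are hypothetical.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed sample values for this illustration. In a real deployment the
# secret is generated once and kept only on the server(s) that sign and verify.
SERVER_SECRET = b"constructed-example-secret-do-not-reuse"
TOKEN_TTL_SECONDS = 30 * 60  # how long an issued token stays valid


def _hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a leaked store does not yield passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


# Constructed credential store: salted PBKDF2 hashes, never plaintext passwords.
_SALT = b"constructed-fixed-salt"
USER_STORE = {
    "alice": (_SALT, _hash_password("correct horse battery", _SALT)),
}


def check_credentials(username: str, password: str) -> bool:
    """Login-time check: called once per session, not once per web method."""
    record = USER_STORE.get(username)
    if record is None:
        # Hash anyway so an unknown user costs the same time as a wrong password.
        _hash_password(password, _SALT)
        return False
    salt, stored = record
    return hmac.compare_digest(_hash_password(password, salt), stored)


def _sign(payload: str) -> str:
    return hmac.new(SERVER_SECRET, payload.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_token(username: str, password: str, now: Optional[int] = None) -> Optional[str]:
    """Login call: credentials are exchanged for a token of the form
    'username|expiry|hmac'. Returns None when the credentials are wrong."""
    if now is None:
        now = int(time.time())
    if "|" in username or not check_credentials(username, password):
        return None
    expires = int(now) + TOKEN_TTL_SECONDS
    payload = f"{username}|{expires}"
    return f"{payload}|{_sign(payload)}"


def validate_token(token: str, now: Optional[int] = None) -> Optional[str]:
    """Per-call check on the web method side: returns the username the token
    was issued to, or None if it is malformed, tampered with or expired."""
    if now is None:
        now = int(time.time())
    parts = token.split("|")
    if len(parts) != 3:
        return None
    username, expires_str, mac = parts
    payload = f"{username}|{expires_str}"
    # Verify the signature before trusting any field, in constant time.
    if not hmac.compare_digest(_sign(payload), mac):
        return None
    try:
        expires = int(expires_str)
    except ValueError:
        return None
    if int(now) >= expires:
        return None
    return username


def get_account_balance(token: str, now: Optional[int] = None) -> dict:
    """A protected web method: refuses the call unless the token validates."""
    user = validate_token(token, now)
    if user is None:
        raise PermissionError("invalid or expired token")
    return {"user": user, "balance": 42}  # constructed data


if __name__ == "__main__":
    t = issue_token("alice", "correct horse battery")
    print("issued:", t)
    print("balance:", get_account_balance(t))
```

Because the expiry is part of the signed payload, a client cannot extend its own session by editing the timestamp, and the password itself never travels after the initial login. A token that leaks is still usable until it expires, which is why the answer's "valid for a period of time" matters: keep the TTL short enough that the exposure window is acceptable for the data involved.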