http://forums.asp.net/16.aspxDiscuss and debate ASP.NET application designs. <a href="http://aspadvice.com/SignUp/list.aspx?l=8&c=17" target="_blank">Email List</a>enCommunityServer 2007 SP1 (Build: 20510.895)http://forums.asp.net/thread/3385692.aspxThu, 03 Sep 2009 14:31:01 GMT4c671506-2930-414c-a40b-8bf57ded5924:3385692atconwayatconway0http://forums.asp.net/thread/3385692.aspxhttp://forums.asp.net/commentrss.aspx?SectionID=16&PostID=3385692<p>&nbsp;One other note to add here- you didn&#39;t really elude to the type of service you were planning on creating. IMO there is no question to use WCF if you are starting from scratch.&nbsp; Here is a good magazine article on WCF Authorization:</p> <p><strong>Authorization In WCF-Based Services:</strong></p> <p><a href="http://msdn.microsoft.com/en-us/magazine/cc948343.aspx">http://msdn.microsoft.com/en-us/magazine/cc948343.aspx</a></p> <p>I have used both .asmx web services with WSE 3.0 and WCF, and I need to point out that using WSE 3.0 is <strong><em>not </em></strong>the way to go if starting new.&nbsp; The reason is that WSE will not be further enhanced by Microsoft and is viewed as becoming obsolete in route to the more robust WCF services and&nbsp;the associated&nbsp;securtiy model.</p> <p>In fact, if you are using VS.NET 2008, WSE 3.0 does not even directly integrate.&nbsp; There are work arounds I have used to get it integrated but they are incosistient in success of working in my experience.&nbsp; So the best advice, move to WCF if possible.</p>http://forums.asp.net/thread/3285259.aspxFri, 10 Jul 2009 06:06:23 GMT4c671506-2930-414c-a40b-8bf57ded5924:3285259longhorn2005longhorn20050http://forums.asp.net/thread/3285259.aspxhttp://forums.asp.net/commentrss.aspx?SectionID=16&PostID=3285259<p>Hi there,</p><p>There&#39;s already quiet a few information on MSDN about it also vivek has already posted very useful information to get you started. </p><p>I will also recommend you to have a quick look through the security best practices by patterns and practices group <a href="http://msdn.microsoft.com/en-us/library/aa302428.aspx">http://msdn.microsoft.com/en-us/library/aa302428.aspx</a></p><p>If you are planning to head down WCF path (which i strongly recommend you should consider) then you can have a look at WCF specific information <a href="http://msdn.microsoft.com/en-us/library/ms732362.aspx">http://msdn.microsoft.com/en-us/library/ms732362.aspx</a></p><p>Hope this helps</p><p>Sunny</p>http://forums.asp.net/thread/3270874.aspxThu, 02 Jul 2009 09:23:48 GMT4c671506-2930-414c-a40b-8bf57ded5924:3270874vivek_iitvivek_iit0http://forums.asp.net/thread/3270874.aspxhttp://forums.asp.net/commentrss.aspx?SectionID=16&PostID=3270874<p>For ASMX webservices, you can use WSE, here are some links:</p><p>http://www.codeproject.com/KB/webservices/KerberosAuthenticationPOC.aspx</p><p>http://www.codeproject.com/KB/cpp/authforwebservices.aspx</p><p>For WCF based services (recommended), here are some links:</p><p>http://nayyeri.net/blog/custom-username-and-password-authentication-in-wcf-3-5/</p><p>http://msdn.microsoft.com/en-us/security/aa570351.aspx (Geneva framework)<br /></p><p>HTH,</p><p>Vivek<br /></p>http://forums.asp.net/thread/3253497.aspxTue, 23 Jun 2009 16:50:50 GMT4c671506-2930-414c-a40b-8bf57ded5924:3253497JeffreyABeckerJeffreyABecker0http://forums.asp.net/thread/3253497.aspxhttp://forums.asp.net/commentrss.aspx?SectionID=16&PostID=3253497<p>I&#39;m examining moving our app to a more formally SOA architecture.&nbsp; Right now authentication / Authorization is done in a mish-mash of ways all of which revolve around picking up the login cookie.&nbsp; Does anyone have advice on how to structure our services with security in mind?&nbsp; How do I get credential information into the service etc?<br /></p>