SOA and authentication / authorization

Last post 09-03-2009 10:31 AM by atconway. 3 replies.

  • SOA and authentication / authorization

    06-23-2009, 12:50 PM
    • Star
      14,250 point Star
    • JeffreyABecker
    • Member since 10-04-2004, 8:27 AM
    • Philadelphia, PA
    • Posts 2,911

    I'm examining moving our app to a more formally SOA architecture. Right now authentication / authorization is done in a mishmash of ways, all of which revolve around picking up the login cookie. Does anyone have advice on how to structure our services with security in mind? How do I get credential information into the service, etc.?

  • Re: SOA and authentication / authorization

    07-02-2009, 5:23 AM
    • All-Star
      17,710 point All-Star
    • vivek_iit
    • Member since 06-18-2006, 6:13 PM
    • New Delhi
    • Posts 3,171
    • TrustedFriends-MVPs

    For ASMX web services, you can use WSE; here are some links:

    http://www.codeproject.com/KB/webservices/KerberosAuthenticationPOC.aspx

    http://www.codeproject.com/KB/cpp/authforwebservices.aspx

    For WCF based services (recommended), here are some links:

    http://nayyeri.net/blog/custom-username-and-password-authentication-in-wcf-3-5/

    http://msdn.microsoft.com/en-us/security/aa570351.aspx (Geneva framework)

    HTH,

    Vivek

  • Re: SOA and authentication / authorization

    07-10-2009, 2:06 AM
    • All-Star
      22,373 point All-Star
    • longhorn2005
    • Member since 05-08-2003, 11:59 PM
    • Perth, Western Australia
    • Posts 1,347
    • Moderator

    Hi there,

    There's already quite a bit of information on MSDN about it; also, vivek has already posted very useful information to get you started.

    I will also recommend that you have a quick look through the security best practices by the patterns and practices group: http://msdn.microsoft.com/en-us/library/aa302428.aspx

    If you are planning to head down the WCF path (which I strongly recommend you should consider), then you can have a look at the WCF-specific information: http://msdn.microsoft.com/en-us/library/ms732362.aspx

    Hope this helps

    Sunny

    Sunny NAGI
    Proper Preparation Prevents Poor Performance

  • Re: SOA and authentication / authorization

    09-03-2009, 10:31 AM
    • Contributor
      5,906 point Contributor
    • atconway
    • Member since 09-24-2007, 9:20 PM
    • Florida U.S.A
    • Posts 1,235

    One other note to add here: you didn't really allude to the type of service you were planning on creating. IMO there is no question to use WCF if you are starting from scratch. Here is a good magazine article on WCF authorization:

    Authorization In WCF-Based Services:

    http://msdn.microsoft.com/en-us/magazine/cc948343.aspx

    I have used both .asmx web services with WSE 3.0 and WCF, and I need to point out that using WSE 3.0 is not the way to go if starting new. The reason is that WSE will not be further enhanced by Microsoft and is viewed as becoming obsolete en route to the more robust WCF services and the associated security model.

    In fact, if you are using VS.NET 2008, WSE 3.0 does not even directly integrate. There are workarounds I have used to get it integrated, but they are inconsistent in success of working in my experience. So the best advice: move to WCF if possible.

    Thank you,

    "The best thing about a boolean is even if you are wrong, you are only off by a bit." :D
    -anonymous
