How To Authenticate A Windows Mobile Client Calling Web Services In Web App
Mar 21, 2010
I have a fairly complex business application written in ASP.NET that is deployed on a hosted server. The site uses Forms Authentication, and there are about a dozen different roles defined. Employees and customers are both users of the application.
Now I have the requirement to develop a Windows Mobile client for the application that allows a very specialized set of tasks to be performed from a device, as opposed to a browser on a laptop. The client wants to increase productivity with this measure. Only employees will use this application.
I feel that it would make sense to re-use the security infrastructure that is already in place. The client does not need offline capability.
My thought is to deploy a set of web services to a folder of the existing site that only the new role "web service" has access to, and to use Forms Authentication (from a Windows Mobile 5/.Net 3.5 client).
I did see this question and I am aware of the limitations that Forms Authentication poses. Since security is not my primary motivator (I use SSL and can restrict access by IP address), but rather using existing user accounts and roles, my decision tree is somewhat different as well.
View 1 Replies
Similar Messages:
Jul 21, 2010
I have an application that exposes a number of ASP.NET web services at an internet location. For security reasons, I want to be able to authenticate clients, and reject any that are not authorised. The authorised clients in question will be ASP.NET web applications,
but I do not have guaranteed access to their IIS configuration, nor to their local certificate stores, therefore the solution must not involve any of these items.
However, authorised clients, will always make calls to the web services using wrapper methods provided by an assembly that I
do have control over. My idea is to digitally sign that assembly, and use that signature as the basis for authenticating the client.For that to work, the assembly will need to be able to construct an X509Certificate object from itself, and to attach it to the call to the web service:
X509Certificate cert = X509Certificate.CreateFromSignedFile(Assembly.GetExecutingAssembly().Location);
_webService.ClientCertificates.Add(cert);
Then the web service must be able to compare the incoming request certificate to its own signing certificate to authenticate the client:
X509Certificate requestCert = new X509Certificate(Context.Request.ClientCertificate.Certificate);
X509Certificate signingCert = X509Certificate.CreateFromSignedFile(Assembly.GetExecutingAssembly().Location);[code]...
The documentation for the method doesn't help much, other than remarking that ASN.1 DER is the only certificate format supported by the method. if I am signing the assembly incorrectly, misunderstanding the method itself etc.? Or more generally if the approach I am taking will work or is flawed?
View 1 Replies
Dec 22, 2010
How can we authenticate user in web services like i want that a user with valid id and password should only be able to consume my web service.
i am using .net framework 2.0
View 1 Replies
Feb 4, 2011
How to Find All the Web Services and Windows Services Running on a Server in ASP.Net. I have the server details with me and want to find all the Web services running on it.
View 1 Replies
Oct 4, 2010
For a few reasons, the bunch I'm working for don't want to use certificates and don't like the idea of a service that can be accessed by anybody with a valid logon.
My question is how can I authenticate an application as being an official application suited for use with these wfc services without using certificates?
They are trying to avoid a situation where inquisitive customers are clever enough to retrieve the service calls and have enough infrastructure to build their own clients to use them.
View 2 Replies
Jan 12, 2011
I have a ASP.NET website which uses the standard ASP.NET Login Control for authenticating users. The user information is stored in a SQL Server database which is not accessible from client side. I want to write a standalone desktop windows form application which requires user to login with the same credential (username and password) used on the website. For the web-based form authentication, it's simple just to use the login control. Howerver, I have no idea for how to deal with the login for windows form application. My naive idea is to create a login web service which windows form application can utilize.
View 4 Replies
Nov 29, 2010
I want to convert following PHP code to C#.
$client=new SOAPClient(API_URL."www/ws_rpc.php?wsdl&actor=fieldreport_actions&client=".API_KEY,array("uri"=>"SOME_URL","style"=>SOAP_RPC,"use"=>SOAP_ENCODED,"encoding"=>"UTF-8"));
$auth = $client->is_valid_panelist_login("login_type_email",$username,$password);
How can I do it? I found 1 sample at: Help me convert this PHP SOAP code to C# But this looks bit different.
View 1 Replies
Dec 14, 2010
I am using mobile controls in my asp.net web pages. The below is the design of my mobile command control.
<mobile:Command ID="cmdnextC" OnClick="Next" SoftkeyLabel="Next" Runat="server">Next</mobile:Command>
I have a javascript which i am using to get the GPS location information. And my javascript is like below..
<script type="text/javascript">
View 3 Replies
Feb 18, 2010
I face this problem when my client setting the LAN like this: the database server is in server A, the web application is in server B, and the windows login server control (is it what we call "windows domain"?) is in server C.
When I use windows authentication in the web application I built, it checked only the windows account in server B. How to authenticate with server C's windows account?
View 2 Replies
Sep 27, 2010
For an ASP.Net website with calls through to a WCF Service:
Three web clients click the button that calls the WCF Service simultaneously.
Does the web server make 3 concurrent calls? (e.g. WCF Service receives 3 concurrent calls) one on behalf of each web client?
View 1 Replies
Jun 25, 2010
I have hosted a secure WCF service on cloud with a certificate created by makecert.
Now I want to restrict the access to the service by allowing only those clients who have the certificate generated by me.
What is the best approach to implement this
* Shall I go with the changes in the configuration file
* Or Shall I write the code to validate this in the service
* Is there any other alternative?
View 1 Replies
Jan 21, 2011
I wrote an asp.net application with default.aspx. When I hit this page It is asking me windows login popup window. My application should me windows authentication required but it should "Integrated Windows authentication". If I enter login password I am able to see my page. How can I automatically integrate this windows authentication? I added below code in web.config. still doesn't work.
<authentication mode="Windows"/>
<identity impersonate="false"/>
<authorization>
<deny users="?"/>
</authorization>
View 4 Replies
May 24, 2010
In my ASP.NET application, I need to be able to authenticate/authorise against local Windows users/groups (ie. not Active Directory) on a different machine, as well as be able to change the passwords of said remote local Windows accounts.
Yes, I know Active Directory is built for this sort of thing, but unfortunately the higher ups have decreed it needs to be done this way (so authentication against users in a database is out as well).
I've tried using DirectoryEntry and WinNT like so:
DirectoryEntry user = new DirectoryEntry(String.Format("WinNT://{0}/{1},User",
serverName, username), username, password, AuthenticationTypes.Secure)
but this results in an exception when you try to log in more than one user:
Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.
I've tried making sure my DirectoryEntries are used inside a using block, so they're disposed properly, but this doesn't seem to fix the issue. Plus, even if that did work it is possible that two users could hit that line of code concurrently and therefore try to create multiple connections, so it would be fragile anyway.
Is there a better way to authenticate against local Windows accounts on a remote machine, authorise against their groups, and change their passwords?
View 1 Replies
Jul 26, 2010
I need to send a X.509 client certificate to a web service in byte array (not attached to request). Besides the certificate, the caller will also send data and signed data. From the web service I can verify if the signature is ok but I don't know what is required to verify that the certificate is ok. I have the client certificate issuer CA trusted in Server (where the web service runs).
More specifically, how can I verify if a X.509 certificate itself is valid? I need to do it in web service not from IIS.
View 4 Replies
Jul 13, 2010
I make an asynchronous call from one web service to another web service deployed on different server? The scenario is that an ASP.NET webforms page will call a web service in an async manner. This particular web service will then make another async call to a second web service deployed on different web server. This this possible to achieve, and what additional steps or code would be necessary to make this happen?
View 1 Replies
Nov 5, 2010
Does anyone have a sample code on this? I want to call the FedEx "Rate Available Services/Rate Shopping" Service to retrieve pricing for various services.
View 2 Replies
Feb 23, 2011
My requirement is i need to display some quotes from some vendors in my User Interface. Some of the quote details will be fetched from database where as some vendors are giving web services to get the quote results. I need to combine the quotes from database as well as the various web service response and display in the grid.
View 1 Replies
Nov 18, 2010
I am posting this as a part of my effort in searching the best possible design solution for my requirement. I am currently working on a complex server control(not user control) in asp.net which is going to be rendered into html elements on the client side.And those html elements needs to do a ajax call backs to the server using js/jquery. Here is the problem. As this is a serverside control and can be added into any application/domain. I dont want to have those callback services hosted separately. Is there any way that I can host those server callback services in the same library? If so, how can I access them from the client side?
View 1 Replies
May 31, 2010
I'm working on a web application using VB.NET. In page load event am calling a remote web service which take time to bring the data. During this process none of the other contents on page are shown(render).
I want to call this remote web service asynchronously so that other data of page is displayed and web service data will be displayed when its available.
View 1 Replies
Apr 22, 2010
I have the web form whcih processing several web services calls.
If one call failed, it will rollback transactions. But it cannot.
Due to the web services will complete for each call.
I am using sql connection and sql command.
Is it possible to do this?
View 11 Replies
Nov 23, 2010
I have a ASP.NET application. From that, User register, User will get email after registration. My Req : When user click on link provided in email. Then it should go to my ASP.Net application page . That page should install a wincows application on Client system through web ( I was inspired by Microsoft Windows update from Microsoft site)
View 1 Replies
Mar 2, 2011
The message sent to browser is as follows:
The type My.API.Class is ambiguous: it could come from assembly '[on Temporary ASP.NET Files]' or from assembly '[on bin folder]'
The problem occurs when debugging a Web App, speciically when making a request to a WebMethod of a WebService.The project compiles just right. It generates My.Website.dll on bin folder and if I publish the Web Application. It works fine.The asmx file is on the root of the application. The CodeBehind file is on App_Code and its marked to be compiled to generate My.Website.dll.The way this person exposes its problem is somehow similar but I get starting to be lost when he talks about a proxy class and shared dlls I don't use.
View 2 Replies
Jan 12, 2011
I have an ASP .NET 2.0 (4.0 is an option) page that I've embedded the Windows Media Player to using OBJECT tags.
The player is connecting to a Windows Media Services publishing point on the Web server. This is on a 2008 server.
Everything works great, see it here: [URL]
If I understand correctly, the information the player is showing in its status bar comes from the ID3 tags of the current track. Continuing on this line of thought, the ID3 information must be coming to the player from the media server. Correct?
What I want to do is collect and use the information about the track that's current being played. I'd like to be able to create a custom display for the current track information. I'd also like to put a custom value in the track information to look up additional information about the artist/track from a database.
View 2 Replies
May 24, 2012
What is Web services? What is Web services? How can I Transfer the data from server to client and client to server using XML. Need one simple Example program(C# web Application) ...
View 1 Replies
Apr 21, 2010
I'm developing a mobile application in ASP.NET and C#.The focus control does not work for windows mobile browser 5.0.QUESTIONDoes anyone have code for C# that can set the focus on a textbox for windows mobile 5.0 internet explorer?
View 2 Replies