I'm using Asp.net c# language programming. What is the best way for authenticating web methods in a web service? Is it right having authentication for every web method and verify user name and password for each web method? Is there a way to authenticate just once not for every web method? something like using sessions and etc?
View 2 RepliesWhat is the best way for authenticating web methods in a web service? Is it right having authentication for every web method and verify user name and password for each web method? Is there a way to authenticate just once not for every web method? something like using sessions and etc?
View 2 RepliesI am trying to implement webservice authentication using SOAP Header. how to provice single authentication which applied to all the methoads of webservice.
Example :
public class Service:System.Web.Services.WebService
{
public AuthSoapHd spAuthenticationHeader;
public Service()
[code]....
On this sample it has only one method and based on the username and password mataches it provides access. As like this there are plenty of web methoad's in my webservice and i don't want to check the username and password on all the methoads. instead i wanted to checkonce and provide access to all the methods.
I have an asp.net app. It has a page that requires authentication. The authenticated user can view the page because he/she is authenticated. The page makes a jQuery Ajax call to a WCF service. The WCF service checks that the user is authenticated via HttpContext. I have a user that is using WinXP and IE8. This user can authenticate to the page, but when the Ajax call is made from the page to the wb service, the user recieves my "session not authenticated" message on the page, generated by the service and displayed on the page. When I use the same OS/browser combo, the page and service work just fine, as expected; no errors.
What option in this user's IE settings would cause this behavior?
I have a web service set up on an IIS server. When I navigate to the page in a web browser it asks me for my user name an password, as desired. However I want to consume the service in a .NET application (C#). What do I need to do to provide a user name and password programmatically so that I can consume the service? Or is there some other way I should be authenticating a user?
View 1 RepliesI need to send a X.509 client certificate to a web service in byte array (not attached to request). Besides the certificate, the caller will also send data and signed data. From the web service I can verify if the signature is ok but I don't know what is required to verify that the certificate is ok. I have the client certificate issuer CA trusted in Server (where the web service runs).
More specifically, how can I verify if a X.509 certificate itself is valid? I need to do it in web service not from IIS.
how to authenticate a user using the central authentication service?
I created a login page to enter the user name etc. I have the server for the authentication.
I am having difficulty deploying a Silverlight 4 RIA services Web app to IIS 6 on Windows Server 2003. The application works fine when running on the development server. However, when deployed to a production server, all the Web service calls redirect to the login page.
Here are the details:
The site uses forms authentication. Login is via an ASP.NET Web page; the Silverlight application does not have its own version of the login page. Login is working correctly.
In my asp.net application, I am using wcf service to get all the business logic. I am using that service reference in my application to work with that. Now adding that service reference is giving another option Update service reference is giving Generate asynchronous operations. If I check the option and add the service will it generate asynchronous methods for my existing service. If so how do I use the metohd.
View 1 RepliesI am using an AJAX dropdownlist control with two dropdownlist. Instead of using a webservice to populate the data, I used the pagemethod to populate. My problem is the second droplist won't populate. I get a server error, 500 in the droplist. The first droplist populates fine.
BUT here's the real kicker. If I reverse the order of the public static function such that GetHelloList2 comes BEFORE GetHelloList1 in the code, then the GetHelloList2 works ...... it just seems like it is only firing one pagemethod event and allowign only one.
[URL]
i have added a service reference but i am unable to access the methods, there is a method call "GetContactById" which i can see when i add the service but i am unsure how i can get to this in code. i have tried creating an instance first but i get this error
Error 116 Core.omnetService.OMWCoreSoap' is a 'type', which is not valid in the given context
omnetService.OMWCoreSoap test = omnetService.OMWCoreSoap();
test.GetContactById(strKey, UserId.ToString());
what is the best way to solve this?
I have a web service/wsdl file that requires client authentication to passed through SOAP headers.
There is not property or method available in web service to set the SOAP headers.
how to call the web service method along with SOAP headers in .NET 2.0
I have an ASMX Web Service set up to use the HTTP GET method. Simple methods which take basic String and Int parameters are working ok, and I can call MyService.asmx/MethodName?Param=Value and get a response back in XML.
However, when I have a method which has a nullable Int (i.e. int?), I get this error:
< Method Name > Web Service method name is not valid.
The error message is confusing, as the method does exist, just not in the GET scope. I presume this is because a nullable type is too complex to be passed via the URL, but I can't find any documentation or SO posts on this.
I appreciate that complex types like Lists or custom classes etc will not work using GET, but I would have assumed that a simple nullable int or nullable datetime could be handled natively, simply by detecting whether it was omitted from the URL. Guess it's not that simple!
We have a customer who are using HP Web Inspect to test for vulnerabilities in our software.
The web inspect tool is complaining about about error messages being returned when a request such as the following is made [URL].
The ASP.Net framework returns a page with the following text content and a 500 status code.
System.IndexOutOfRangeException: Index was outside the bounds of the array.
[code]....
but the error seems not be an unhandled error and so neither 500 page is shown.
I have three cascading dropdowns on my web page and they work fine. The issue I am facing is that there are other controls on the page which cause a postback and with each postback the cascading drop downs are being re-populated (service methods are called) which is becoming a performnace issue.
View 1 RepliesI currently have an odd problem with ASP.Net authentication. Consider the two following lines:
MembershipCreateStatus ct = new MembershipCreateStatus();
Membership.CreateUser("admin", "mypassword", "test@gmail.com", "1", "1", true, out ct);
This does register my user in my database. I have verified this.However, when I run this immediately after:
FormsAuthentication.Authenticate("admin", "mypassword");
The authentication fails. The weird thing is I know for a fact that the user does exist in the db, and that is further confirmed if i run
MembershipUserCollection uc = Membership.FindUsersByName("admin");
and uc does hold my admin user withe all the proper info. why Authenticate would return false?
I have an extension method as follows:
public static class PageExtensions
{
public static int GetUserId(this Page targetPage)
{
var user = Membership.GetUser(targetPage.User.Identity.Name);
return (int)user.ProviderUserKey;
}
}
Now in a page I need to use this method in a static WebMethod, so I have added another 'extension method' to PageExtensions:
public static int GetUserId()
{
return (int)Membership.GetUser(HttpContext.Current.User.Identity.Name).ProviderUserKey;
}
and I call it as follows in my WebMethod: PageExtensions.GetUserId()
public class CacheHelper { /// <summary> /// Removes object with the specified key. /// </summary> /// <param name="key">The key.</param> [code]....
I have this methods for caching..I need to change this methods to use in aDictionary<string,object>
How do I need to change this code Because I am new to asp.net I am still learning..
I am beginner in web applications development. I started one little project and host it on source forge "https://homoco.svn.sourceforge.net/svnroot/homoco". And I started implementing authentication in this application to learn how it works. From my experience people never use out of the box things so I want to implement this stuff alone (like in real world projects). So some questions:
1) Is there any reason to use membership out of the box? To use database table schema, stored procedures etc. that tool generate for developer. I think that this lower control over code and I decided to implement it my self. I don't know if I am right.
2) Is my approach in this demo project good or bad (if someone have time I like to do just a little code review)? I created database based on business rules. Not using database schema that membership provider require. Extend "MembershipProvider" class to satisfy my needs. Implement queries to database myself.
3) Now, this question is a little wired but I have to ask it. If we make custom Membership Provider and do sql queries alone, implement all MembershipProvider class methods ourselves, and in application use Membership.blabla() why is this approach different from not extending MembershipProvider class and putting all this methods in some unique class and call its methods then? I hope that someone understand what I ask here.
I am sorry for three questions, but I really trying to find the best way to implement this feature in my demo project like it is a real world application.
i have a repository class inside my model folder; this repositiry contains many methods , which are called from Action methods in the controllers; so my question is :- if i have a method insidle my model.reporsitory which calls a stored procedure, then can i call it an "action method"? or "action method" expression only apply to controller methods?
View 4 RepliesWe say that "GroupBy" and "OrderBy" methods from LINQ as Extension Methods.Then how about "variable.ToString()" and "string.Split()" menthods. Are these Extension methods.
View 2 RepliesIf I am on a website#1, and I enter my username/pwd for website#2 on a login page that is on website#1, and website#1, behind the scenes, makes a httpwebrequest to website#2 and posts to the login page. If I then navigate to website#2, should I be logged in? website#2 uses formsauthentication and I call a httpHandler that is on website#2 and pass it the username/password via the querystring. Should this work?
View 6 RepliesSo we have been using the same login gode to connect to various domains in asp.net, with and without MVC. The code works. We have a new server, first one to run server 2008 r2, set up with a directory structure similar to one of the ones that has been working. Using forms authentication, I set up in the web.config
<add name="ADConnectionString" connectionString="LDAP://10.1.XXX.XXX"/>
and
<!--<authentication mode="Windows" />-->
<membership defaultProvider="MyADMembershipProvider" >
<providers >
<add name="MyADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
connectionUsername="XXXXBrown.Eric"
connectionPassword="XXXX"
connectionProtection="None"
/>
</providers>
</membership>
It connects to build the membership provider just fine, but when I tryto use the exact same username and password to login on the forms login page (the stock asp.net stuff) it fails to login. same user, same password that's being used to connect with the membership provider. If I change the password in the web.config, I get an error that it's incorrect, so I know that the membership provider is getting connected with those credentials. What I can't figure out is why can't I use the same credentials to login? I've checked:
The user is not locked.
the user is not set to change password on next logon.
The user is not expired.
We are developing a browser based intranet application. All users have active directory account, so obvious choice would be use Integrated Windows Authentication. But there will be multiple users accessing same client machine so we decided to use form based authentication (but authenticated against AD). In this scenario what is the best way to authenticate between my ASP.NET application (IIS) and WCF Services (another server IIS 7). I don't want to use asp.Net Compatibility mode or certificate. I am thinking to create another domain account to authenticate ASP.NET and WCF. I am also passing the information about the current ASP.NET user to WCF as header info. Is this the right way to do? The following code will call from ASP.NET to access and get each service method.
// Call WCF service from ASP.NET Application using a new domain account for each call.
proxy.ClientCredentials.Windows.ClientCredential.Domain = "mydomain";
ServiceReference.HelloWorldClient proxy = new ServiceReference.HelloWorldClient();
proxy.ClientCredentials.Windows.ClientCredential.UserName = "new_domain_account";
proxy.ClientCredentials.Windows.ClientCredential.Password = "password";
Is there any better way to authenticate WCF from ASP.NET?
For a few reasons, the bunch I'm working for don't want to use certificates and don't like the idea of a service that can be accessed by anybody with a valid logon.
My question is how can I authenticate an application as being an official application suited for use with these wfc services without using certificates?
They are trying to avoid a situation where inquisitive customers are clever enough to retrieve the service calls and have enough infrastructure to build their own clients to use them.