Basic Authentication for a web service in an app that uses custom authentication

I've got a web application that uses a customized version of Forms authentication. However, as part of that web app, I have a web service that I want clients to be able to consume, and I'd like that web service to use Basic authentication. To complicate matters, I'd like the service to be usable anonymously (without any authentication), and make the "basic" authentication "optional" (wherein the web service would check for the existence of the authentication information and return modified results accordingly.)

Ideally, I'd like it to be just this one web service, or perhaps a single specific directory that partakes in this mechanism.

Anyone have any tips as to how I can do this?  Thanks a ton for any advice anyone might have...

adsaero
11/18/2008 11:37:43 PM
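
One way to build the optional Basic authentication the question describes, as an added example that is not part of the original post: an ASP.NET `IHttpModule` in C# that leaves requests without credentials anonymous and rejects credentials that fail validation. It assumes .NET 4.5 or later, a hypothetical `~/services/` directory, and `Membership.ValidateUser` standing in for the application's customized credential check.

```csharp
using System;
using System.Security.Principal;
using System.Text;
using System.Web;
using System.Web.Security;

// Added example: optional Basic authentication scoped to one directory.
public class OptionalBasicAuthModule : IHttpModule
{
    private const string Prefix = "~/services/";   // assumed directory name

    public void Init(HttpApplication app) { app.AuthenticateRequest += OnAuthenticate; }
    public void Dispose() { }

    private static void OnAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        string path = ctx.Request.AppRelativeCurrentExecutionFilePath;
        if (!path.StartsWith(Prefix, StringComparison.OrdinalIgnoreCase)) return;

        string header = ctx.Request.Headers["Authorization"];
        if (string.IsNullOrEmpty(header)) return;   // no credentials: caller stays anonymous

        string user, password;
        // Basic is only base64-encoded, so accept it over TLS only.
        if (ctx.Request.IsSecureConnection && TryParseBasic(header, out user, out password)
            && Membership.ValidateUser(user, password))   // stand-in for the app's own check
        {
            ctx.User = new GenericPrincipal(new GenericIdentity(user, "Basic"), new string[0]);
            return;
        }
        // Credentials were offered but rejected: fail closed instead of
        // silently downgrading the caller to anonymous results.
        ctx.Response.StatusCode = 401;
        ctx.Response.AddHeader("WWW-Authenticate", "Basic realm=\"services\"");
        ctx.Response.SuppressFormsAuthenticationRedirect = true;   // .NET 4.5+: keep the 401
        ctx.ApplicationInstance.CompleteRequest();
    }

    private static bool TryParseBasic(string header, out string user, out string password)
    {
        user = password = null;
        if (!header.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase)) return false;
        string decoded;
        try { decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header.Substring(6).Trim())); }
        catch (FormatException) { return false; }
        int colon = decoded.IndexOf(':');   // split on the first colon; passwords may contain ':'
        if (colon <= 0) return false;
        user = decoded.Substring(0, colon);
        password = decoded.Substring(colon + 1);
        return true;
    }
}
```

The directory has to allow anonymous users in its `<authorization>` settings so that requests without a header reach the service, and the service can then read `HttpContext.Current.User` to decide which results to return.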

Similar Articles:

Converting Web Service/Basic Authentication Code From Client App To VS .Net
We've got a Web service we need to access from both client applications (like Excel) and from other Websites. As part of our security we need basic authentication for the Web service. On the client side we managed to hack it in using a bit of backdoor code. In Excel 2003, the following code works successfully to create an instance of the Web service:
    Set sc_POC = New SoapClient30
    m_WSDL_URL = "https://username:password@mysite/myWS.asmx?wsdl"
    sc_POC.MSSoapInit2 m_WSDL_URL, str_WSML, c_SERVICE, c_PORT, c_SERVICE_NAMESPACE
    sc_POC.ConnectorProperty("ProxyServer...

Authentication in Web Application using Sys.Services.Authentication
New to the site and Aspnet Sys.Services.Authentication Services trying to make User Profile work with Membership Provider blah blah blah, in iis 5.1 and XP... have read all the articles and have setup Web.Config Security etc...? But something on my part is missing...? If I have the Authentication Type= Windows the app. etc. performs as per the documentation, I change the Authentication type to Forms, I can login fine, but if I change Forms the Credentials are totally lost and my Profile Data does not appear.. Users, Sessions etc. are the same User. Its'...

Accessing Web Service using basic authentication
I have a Web Service whose virtual directory is set to use basic authentication. If my ASP.Net application's virtual directory is also set to use basic authentication, is it possible to connect to the Web Service without having to prompt the user for their credentials again? Here's a code snippet:
    Dim lobjNetworkCredential As NetworkCredential
    lobjNetworkCredential = CredentialCache.DefaultNetworkCredentials ' gives 401.5 error
    lobjNetworkCredential = New NetworkCredential("me", "mypassword", "mydomain") ' works
    Dim lobjHttpWebRequest As Ht...

Authenticate against the Active Directory by Using Forms Authentication and Visual Basic .NET
I am using the code found on microsoft site http://support.microsoft.com/default.aspx?scid=kb;en-us;326340 And when I run it I get an error: Error authenticating. Error authenticating user. A referral was returned from the server. I have changed the code to specify my domain DC=MyDomain,DC=local. Has anyone run into this or knows what it means? Thanks, Craig
Hi Craig, It's giving me the same error. Can you please tell me how u specified ur DC, LDAP etc.. For example:-
    Dim domainAndUsername As String = domain & "\" & username
    Dim entry A...

Build Custom Security Database or use authentication web interface
Hi all, I'm just about to undertake my first big ASP.Net web project at work. I have to build a six level security application, fully protected from hackers and SQL injections. My boss has advised me to build my own security application/database. I know that this will give me more flexibility but it sounds like a big task. What I need is some information on making the right decision, Articles, tutorials and the like about the advantages and disadvantages. I need to know whether big professional sites can be built by using the Web authentication wizard, how flexible it can be e...

Calling a web service by using a client certificate for authentication
Hi, I am trying to call a web service to send a 'Ping request' using x509 certificate installed in my local machine. I am adding security credentials like Username and Password and also sending the x509 certificate to the soap request. This is done using WSE 2.0. I think I am doing it the right way as I don't see any problem in the code. But, I keep getting this response 'Authentication Failure'. I tried writing the contents of the soap request to a log file and looks like the soap header is not getting added to the soap message at all. Please see ...

web service
Hi guys, I would like to create a web service that has basic username and password authentication. I've created a call to this web service and added credentials to the call as shown below (VB .net 2.0)
    Dim ws As New localhost.Service()
    Dim retVal As String
    Dim credentials As New CredentialCache()
    credentials.Add(New Uri(ws.Url), "Negotiate", New NetworkCredential(txtUsername.Text, txtPassword.Text))
    ws.Credentials = credentials
    retVal = ws.SubmitMessage(txtMessage.Text, txtVersionID.Text, txtSourceGUID.Text)
I can't seem to find the Credential...

Custom Authentication and Authorization Strategy (Need to use external Web Service / DB)
Greetings all, We have a situation in which we need to authenticate users who have already been authenticated by an agency-wide single-sign-on solution: Netegrity SiteMinder. SiteMinder is an ISAPI filter that intercepts requests before they get to ASP.NET. SiteMinder sets an "SMSESSION" cookie into the request header, and the system that provides the front-door authentication/authorization sets a "USER" cookie. So, those cookies should always exist before our ASP.NET code ever gets a request. So, the first time the user ever comes to our system, we'll read those cookies, and if the USER does n...

Security concern over application services such as authentication exposed as web services
There have been questions around security with regard to exposing application services such as authentication as web services to the client side. Can anyone provide any insight on this? Also, when we are invoking web services from the client side javascript what identity is used for validating user credentials? Thanks! Pratibha...

Moving from web app to web services, authentication and my existing objects
We have a web app. We use Forms Authentication. When someone logs in we use Membership.ValidateUser(UserID,Password) with UserID and Password coming from our controls on the login page. Then after the user is validated we run FormsAuthentication.RedirectFromLoginPage(UserID, false) which brings us to our pages. So in our business objects when we want to access which Products or Prices a user is allowed to see we reference HttpContext.Current.User.Identity in our custom security object. It uses the .Name property to retrieve our custom security permissions and we can re...

Forms Authentication, Custom Membership Provider, nested web.config, the nested app ==> Parser Error Message: Could not load type 'MyCompany.Security.FrameworkRoleProvider'.
Hi, I have written a custom membership provider for our application (which is in the root of the "default web site" in IIS). In the default-web-site web.config, I've specified the MyCustomMembership Provider and all works well (see below for snippet of web.config file). However, if I want to put another application in a (sub) virtual-directory to this main directory, then run the app in this virtual directory, I get the error:
Parser Error Message: Could not load type 'MyCompany.Security.MyCustomMembershipProvider'.
Source Error: Line 113: <provi...

Web Service Basic Authentication
Hello,  I have an advanced question in terms of Web Service Basic Authentication.  This question involves a situation where an ASP.NET 2.x or 3.x application will consume a WSDL for a web service hosted on a machine using Jetty as its web server.  Thus, we have a .NET client speaking to a Java Web Service.  Now, of course Java does not work with AD security out of the box.  For our implementation we will need to have our Java application accept Basic Authentication.  Hence, our ASP.NET web application will need to consume the Web Service and submit credential...

Security of using Basic Authentication?
I have a question about the security/risk of using basic authentication for an asp.net app. Scenario: We have an Intranet ASP.NET app that needs to access a file share across the network. We are currently using Basic Auth on the Virtual Directory, with Windows authentication mode and impersonate="true" in the web.config file. Note: I am also looking into using Kerberos constrained delegation, but my head starts spinning once I get too deep into SPNs, cross-domain trust, etc. So, I think Basic Auth might be my best easiest option. I have a question ...
