 | |
Re: can web service be used as central logon management
ASP.net Web Services microsoft.public.dotnet.framework.aspnet.webservices
 |
| | Thread Tools | Search this Thread | Display Modes |
#1
 
| |||
| |||
|
Re: can web service be used as central logon management -
08-12-2003
, 01:30 PM
|
what i want to do is creating a central web service to authenticate user logon. Is it possible? |
It seems you have something like this:
browsers (B) connect to web servers (W1) to request pages.
Apps running on the Web servers then need to authenticate the users (from
the browser).
The web apps can use "anything" as the backend authentication service. One
common way is for the
webapp to do a database query, and find a record for the given userid and
password hash. But you could
just as easily use a webservice to verify the authentication information.
A web service is fine.
As for security issues: yes, you need to be careful and thoughtful.
What information are you passing from the browser to the web app? is it a
bonafide password, or a hash, or ... what? Are you using encrypted
communications between the browser and web app?
Same issues with the communications from the web app to the authentication
service.
how long will the authenticated sessions last? how will you do timeouts?
and so on...
Sorry, there are no simple answers to these things.
-Dino
"xiaobin sun" <sunxb (AT) feinfo (DOT) com> wrote
Quote:
|
I have several web applications running on different web servers. what i want to do is creating a central web service to authenticate user logon. I.e. every application will connect web service to determine whether a user is authenticated or not? Is it possible? are there any security problem? |
|
« Previous Thread
|
Next Thread »
| Thread Tools | Search this Thread |
| Display Modes | |
Linear Mode
| |
Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.