Re: can web service be used as central logon management - 08-12-2003 , 01:30 PM
It seems you have something like this:
Browsers (B) connect to web servers (W1) to request pages.
Apps running on the Web servers then need to authenticate the users (from
The web apps can use "anything" as the backend authentication service. One common way is for the webapp to do a database query, and find a record for the given userid and password hash. But you could just as easily use a webservice to verify the authentication information.
A web service is fine.
As for security issues: yes, you need to be careful and thoughtful.
What information are you passing from the browser to the web app? Is it a bona fide password, or a hash, or ... what? Are you using encrypted communications between the browser and web app?
Same issues with the communications from the web app to the authentication
How long will the authenticated sessions last? How will you do timeouts?
and so on...
Sorry, there are no simple answers to these things.
"xiaobin sun" <sunxb (AT) feinfo (DOT) com> wrote
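The following is an added example, not part of the original post: a central logon service that the web apps call to verify a userid and password against a stored salted hash, and that enforces idle and absolute session timeouts. The class and function names, the PBKDF2 work factor and the timeout values are assumptions; transport encryption between web app and service is outside what the code shows.

```python
import hashlib, hmac, secrets, time

IDLE_TIMEOUT = 15 * 60        # assumed: seconds of inactivity before expiry
ABSOLUTE_TIMEOUT = 8 * 3600   # assumed: maximum lifetime of any session
PBKDF2_ROUNDS = 200_000       # assumed work factor

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is made when none is given."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

class AuthService:
    """Hypothetical central logon service shared by all web apps."""
    def __init__(self, clock=time.time):
        self.users = {}      # userid -> (salt, digest); plaintext is never stored
        self.sessions = {}   # token -> [userid, created, last_seen]
        self.clock = clock
        # Dummy record so an unknown userid costs the same work as a known one.
        self._dummy = hash_password(secrets.token_hex(16))

    def add_user(self, userid, password):
        self.users[userid] = hash_password(password)

    def login(self, userid, password):
        """Return an opaque session token, or None on any failure."""
        salt, expected = self.users.get(userid, self._dummy)
        _, candidate = hash_password(password, salt)
        # Constant-time comparison; the same answer for bad user and bad password.
        if not (hmac.compare_digest(candidate, expected) and userid in self.users):
            return None
        token = secrets.token_urlsafe(32)
        now = self.clock()
        self.sessions[token] = [userid, now, now]
        return token

    def validate(self, token):
        """Return the userid for a live session, or None if unknown or expired."""
        entry = self.sessions.get(token)
        if entry is None:
            return None
        userid, created, last_seen = entry
        now = self.clock()
        if now - last_seen > IDLE_TIMEOUT or now - created > ABSOLUTE_TIMEOUT:
            del self.sessions[token]   # expired sessions are destroyed server-side
            return None
        entry[2] = now                 # activity resets only the idle timer
        return userid
```

Each web app would forward the credentials to `login` once and then call `validate` with the token on every request, so the timeout policy lives in one place.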