1

i have a web service (asmx) with few methods. it is currently used by just couple of clients and they are flexible. Problem i have is that service has no security infrastructure in place and virtually anyone can call it. This behavior is not desired. what i want is to put in place some security mechanism for my service so user can pass login credentials and i also want that login of a client is remembered for some time i.e i don't have to go to db for every request. I have gone through this article and it seems good enough to me. Only thing that bugs me is that i have to check database for user authentication on every request. Is there a way, i can override (change) this behavior. I also read few articles on WSE 3.0 but enabling it in VS 2010 seems a hack and i would rather look for a cleaner alternative. Since my clients are flexible, i can move to wcf as well. If any such thing is available in wcf or asmx, please guide me in right direction.

Muhammad Adeel Zahid
  • 17,474
  • 14
  • 90
  • 155

1 Answers1

2

WSE is obsolete and should not be used unless there are no other choices.

ASMX is a legacy technology and should not be used for new development.

WCF should be used for all new development.

John Saunders
  • 160,644
  • 26
  • 247
  • 397
  • ok, i got it. but how do i implement security (with remembering client for some time). if it is not possible then suggest any other security alternative. thanx – Muhammad Adeel Zahid Apr 04 '12 at 06:07
  • 2
    @MuhammadAdeelZahid, Microsoft has a complete guide here, http://wcfsecurity.codeplex.com/ – Lex Li Apr 04 '12 at 06:18