0

I am working on a tradtional (ASMX) web service which is currently used via a private newtwork. So there is no authentication / authorization performed by this web service. We intend to put it on a public network. What is the best way of performing the authetication check on clients accessing it. I thought of a couple of options:

Creates a web service call which checks for the following: 1) Restricting by IP range 2) Use username and password 3) Use either of them based of user preference.

Once they pass the authentication then give the user a token which an be used in subsequent calls. And also host the service on SSL certificate.

I also read about WS-Security on MSDN how does it differ from what I am doing and is that going to be easier option for both server side changes and for clients to make appropriate changes?

Pinu
  • 7,310
  • 16
  • 53
  • 77
  • What type/kind of clients will be accessing the web service? –  Jan 24 '12 at 19:11
  • jeffsix : what do you mean by what type of clients ? It's an interoperable web service. – Pinu Jan 24 '12 at 19:29
  • 2
    WS-Security cannot be used with ASMX web services. You'll either have to move forward to WCF, or backwards to the obsolete WSE. – John Saunders Jan 24 '12 at 19:35

0 Answers0