stackoom
  简体   繁体   中英

I was able to pass username and password to webservice, but its not the way i need to secure from unauthorized user

 原文  2013-11-09 18:08:52       c#/ wcf/ web-services/ authentication/ iis-7

Question

This is another question I have about web services and securing them. I made a WCF Web Service and this is the code that I used... 

    [OperationContract]
    [WebInvoke(Method = "GET")]
    string myData(string name, string pass);

and this is the code that I use to interact with the web service... 

    public string myData(string a, string b)
    {
        if (a == "chris" && b == "pass")
            return "You did it";
        else
            return "Nope";
    }

I know this looks basic and I understand that I can add more functionality to it, but I don't think this is the way I need. It looks a little dirty to me.

If have a web service sitting on a server and if someone tries to use the service, I would like a pop up to ask for a username and password, so I can verify that they are in the database and they can proceed invoking the web service.

For this to be done, should I set up authentication in IIS to do this? I think I'm over thinking things. My client just wants me to be able to secure the web service from unauthorized users. So That's what I am running into an issue with, I'm not sure the correct way to secure everything from unauthorized access, should (and how) this be done in IIS or just use the code that I provided.

I apologize if this kind of question has been asked a million times but the question is always different and so are the answers.

1 answers

solution1
 -1  2013-11-09 19:16:00

You should set your authentication method say forms authentication and set you credential in request. Also better do it as HTTPS.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question I want to pass the username and password from html file to (webservice )asmx file. what should i use? not able to get the token from azure active directory by pass username and password for gmail user okta - asp.net web forms - how do I prevent an unauthorized user from navigating to a secure web page? How do I pass username/password credentials from php client to self-hosted wcf service? Is it always unsecure if I pass a password as a string and not as a secure string? How can I pass a username/password in the header to a SOAP WCF Service How can I hide a hard coded username and password from a savvy user with a decompiler? I want to redirect from login.aspx to address.aspx if the user insert the correct username and password Proper way to pass username/password to SmtpClient (.NET) Need to make a login window with username and password in C# but when i introduce an incorrect username or password i get an error
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM