s***k Posts: 25 | 1
Using MS Soap ToolKit
Is there a way to control access rights on the SOAP server
besides basic authentication?
Would form based authentication work, say with a cookie?
thx |
a*****a Posts: 438 | 2
ok, I'm throwing my 2 cents here but be aware that I haven't
used SOAP toolkit yet:) - I am using VS.NET.
There are a few choices for security in web service (the
only thing I know about currently):
1. NTLM - .NET Framework has an API called
User.IsInRole("domainname")..
2. Form based authentication - passing cookies around (which
you were thinking)
3. soap header - pass your username/password in soap
headers..
I only know about these ideas, never written any code on
these;)
[Quoting s***k's post]
: Using MS Soap ToolKit
: Is there a way to control access right on the soap server
: besides basic authentication?
: would form based authentication works say with a cookie?
: thx
|
s***k Posts: 25 | 3
Thanks, actually I know the last 2, but would like to know
where .NET is headed in the context of SOAP security, would
really like someone from inside to make some insightful comment
can u describe the first option in a bit more detail?
user is from passport service? and role acl is at domain level?
[Quoting a*****a's post]
: ok, I'm throwing my 2 cents here but be aware that I haven't
: used SOAP toolkit yet:) - I am using VS.NET.
: There are a few choices for security in web service (the
: only thing I know about currently):
: 1. NTLM - .NET Framework has an API called
: User.IsInRole("domainname")..
: 2. Form based authentication - passing cookies around (which
: you were thinking)
: 3. soap header - pass your username/password in soap
: headers..
|
a*****a Posts: 438 | 4
I can't comment on SOAP security about .NET.. since I know
nothing:)
1st option: role is at domain level.
If you intend to use your app on WWW, you need to check with
Passport SDK. (www.passport.com)..
[Quoting s***k's post]
:
: Thanks actually i know the last 2, but would like to know
: where .NET is headed in the context of SOAP security, would
: really like someone from inside to make some insightful comment
: can u describe the first option in a bit more detail?
: user is from passport service? and role acl is at domain level?
|
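Added example, not code from any poster in this thread: options 1 and 3 from the second post, written as an ASP.NET (.asmx) web service in C# rather than with the SOAP Toolkit. The service, namespace, domain group and account names are assumptions, and the credential store is a constructed single-user demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web.Services;
using System.Web.Services.Protocols;

// Option 3: credentials carried in a custom SOAP header (send only over HTTPS).
public class AuthHeader : SoapHeader { public string Username; public string Password; }
[WebService(Namespace = "http://example.invalid/reports")] // placeholder namespace
public class ReportService : WebService
{
    public AuthHeader Credentials; // populated by ASP.NET from the request's SOAP header

    // Option 1: needs Windows (NTLM) authentication enabled in IIS and
    // <authentication mode="Windows"/> in web.config; the role is a domain group.
    [WebMethod]
    public string GetReportForDomainUser()
    {
        if (!User.Identity.IsAuthenticated || !User.IsInRole(@"EXAMPLEDOM\ReportReaders"))
            throw new SoapException("Access denied", SoapException.ClientFaultCode);
        return "report for " + User.Identity.Name;
    }

    [WebMethod, SoapHeader("Credentials")]
    public string GetReportWithHeader()
    {
        if (Credentials == null || !Verify(Credentials.Username, Credentials.Password))
            throw new SoapException("Access denied", SoapException.ClientFaultCode);
        return "report for " + Credentials.Username;
    }

    // Constructed demo store: a real one keeps only a per-user salt and hash.
    static readonly byte[] Salt = Encoding.ASCII.GetBytes("constructed-salt");
    static readonly byte[] DemoHash = Derive("sample-password");

    static byte[] Derive(string password)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, Salt, 100000))
            return kdf.GetBytes(32);
    }
    static bool Verify(string user, string password)
    {
        byte[] candidate = Derive(password ?? "");
        int diff = 0; // compare every byte so timing does not depend on the first mismatch
        for (int i = 0; i < DemoHash.Length; i++) diff |= candidate[i] ^ DemoHash[i];
        return diff == 0 & user == "demo-user";
    }
}
```

With the header approach the password travels in every request body, so the endpoint has to be HTTPS-only; the Windows-authentication method never sees a password in application code.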