Web Services Client Authentication

Authenticating a Client from Web service is the measure of security while exposing Business Applications over Internet. We will be covering the Authentication techniques of a Web services client. There are 2 ways of implementing this, Using user current credentials or the alternate credentials.

Authenticating user by Credentials

To pass the web service the user credential from the user’s desktop session,

Set the System.web.Services.Protocols.SoapHttpClientProtocol.Credentials object to System.Net.CredentialCache.DefaultCredentials.

Check out the code sample which creates a new SoapHttpClientProtocol object based on an imaginaryu web service located at http://www.xxxx.com/TestServices and configuring the object to the current user’s credential.

Com.xxx.www.TestServices server = new com.xxx.www.TestServices();

Server.credentials = System.Net.CredentialCache.DefaultCredentials

Above code causes the user name and password to be added to the HTTP Headers. IIS uses these headers for authentication.

Explicit providing of the credentials is bit complex. Let us examine the following code  which gathers the user credentials from the Command line arguments and prepares a SoapHttpClientObject object to present those credentials.

//Prompting for a username and Password

Console.WriteLine(@”Enter username in the format domainusername : “);

String username = Console.ReadLine();

Console.WriteLine(“Enter Password”);

String password = Console.ReadLine();

//Create the Web Services Object

com.xxx.www.TestServices server = new.com.xxx.www.TestServices();

//Create the Credentials object and assign it to users credentials

Networkcredential credentials = new Networkcredential(username, password)

//Assigning the value to web services credentials

Server.credentials = credentials;

One of the disadvantage to be noted is it uses Kerboros or Integrated windows authentication provided by the IIS which is not supported by Non Microsoft web services clients. WSS comes up with the standards for addressing such kind of problems. MS has comeup with WSE (Web services Enhancements) framework. Check out more information on http://msdn.microsoft.com/webservices/building/wse/default.aspx.