How to check caller using webservice

Question

How to check caller using webservice

I have inherited a system that retrieves data from a web method as a dataset. Data is potentially sensitive. The only thing that struck me was that some methods did not know, did not check who was the caller, and others who needed an integer to identify the caller. This integer starts at 0 and is sequential and associated with another company / data set. Obviously not enough. (It was easy for me to see data that I should not have access to, guessing the numbers

My question is, is there a better way to authenticate subscribers by improving this system.

+3

c # asp.net web-services

Stuart May 31, '09 at 21:07

source share

2 answers

-, , , , -.

.

0

ichiban 31 '09 21:22

Marc Gravell · Accepted Answer · 2009-05-31T21:26:02+0000

What service? These days, I would write it as WCF and use any of the usual authentication models for authentication (usually I use TransportWithMessageCredential - that is, SSL with username / password in the body). Then you can simply verify your identity with Principal( Thread.CurrentPrincipal.Identity.Name).

SOAP SOAP - /, , , . " " , SSL. , , ( ..); kerberos - . , .., SSL.

How to check caller using webservice

More articles: