I have a C # ASP.NET 3.5 web application using authentication. Users log in with their username and password on login.aspx, which are authenicated using custom authentication logic and then sent to input.aspx, where they enter some parameters and get a response to output.aspx. If they try to access input.aspx without authentication, they are redirected to login.aspx.
The same users want to be able to use the functionality of this web application without using a user interface from a Unix environment. So I added a web service file (.asmx) to this web application. I do not create a separate project for this web service, since the web service uses the code, code files in global.asax of the existing web application, and I should not duplicate this code for the web service.
The web service functionality is working fine now, although I don’t know how to authenticate users. The web service client will send the username and password only once (possibly using the "login" of WebMethod, which I can write to ensure their authenticity), and then should be able to send several requests (maybe until they call "do not exit from WebMethod or before their session / cookies expire).
To prevent web requests from being redirected to the login.aspx page, I excluded the .asmx file from authentication using the location tag in web.config. (I do not know which way). But then I mean that the user does not then authenticate to the web application, and therefore the code of the web application that uses the service will not be available, right?