Answer 1)
Following are a few authentication techniques to secure .NET Web Services:
- Windows-Based Security
  - Basic Windows Authentication
  - Digest Windows Authentication
  - Integrated Windows Authentication
- Custom Authentication
  - Log-in Method
  - SOAP Headers
  - SOAP header with cookie
  - SOAP Extensions
  - SOAP extension with encryption
I listed three Windows-based and five custom authentication techniques for Web services. Obviously, there are many more permutations and variations on this theme. Table 1 lists the authentication options I discussed, and the main points to consider when choosing an authentication mechanism:
- Is the password sent in clear text, and does it therefore require HTTPS?
- What are the platform requirements on both the client and the server side?
- When does authentication take place, on the first call only, or on every call? What are the throughput implications of that?
Table 1: Comparing Windows-based and custom authentication techniques for Web services.
| Authentication Method | Password Sent in Clear Text | Requires Windows | Authenticate on First Call Only |
|---|---|---|---|
| Basic Authentication | Yes | No | Yes |
| Digest Authentication | No | No | Yes |
| Integrated Authentication | No | Client/Server | Yes |
| Log-in method | Yes | No | Yes |
| SOAP header | Yes | No | No |
| SOAP header with cookie | Yes | No | Yes |
| SOAP extension | Yes | Client/Server | Depends |
| SOAP extension with encryption | No | Client/Server | Depends |