Authentication for Web Services

Introduction

Consider authentication of your web service to be like a door on your house. It needs to be wide enough to allow people to enter, but only if they've knocked first. Getting away from the cutesy analogies, authentication is the process of making sure that the person who is asking to use the web service is really the person that they claim to be. This is done by requiring the user (also known as the "principal") to provide a set of credentials. In return, they will receive a security token that can be used to access the server.

The credentials usually take the form of a user id and password. However, what is really required is everything necessary to uniquely identify the user. For example, in our sample web service, we require that a company code be supplied along with the user id and password. The reason for this additional information is that the data we use to rate a shipment is different for each company.

On the other hand, the security token that is returned is usually more conceptual than physical. It can take the form of a cookie placed on the user's browser, a session id stored on the server, or an actual string of characters. For our application, we are using a 33-character string. The reason for our choice will be detailed later in this article. Before we get to that, let's look at the tools that are available to assist with the authentication process.
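
The credentials-for-token exchange described above, as an added sketch in Python that is not code from this article or its sample web service. The class and method names, the PBKDF2 password storage, the 15-minute lifetime and the token length are all assumptions; the article's own 33-character token format is not reproduced here.

```python
import hashlib
import hmac
import secrets

TOKEN_TTL = 900            # seconds; assumed lifetime, not from the article
_PBKDF2_ROUNDS = 100_000   # assumed work factor

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _PBKDF2_ROUNDS)

class Authenticator:
    """Hypothetical in-memory service: three-part credentials in, opaque token out."""

    def __init__(self):
        self._users = {}     # (company_code, user_id) -> (salt, password_hash)
        self._sessions = {}  # token -> (company_code, user_id, expires_at)

    def register(self, company_code, user_id, password):
        salt = secrets.token_bytes(16)
        self._users[(company_code, user_id)] = (salt, _hash(password, salt))

    def login(self, company_code, user_id, password, now):
        """Return a token, or None if any of the three credentials is wrong."""
        record = self._users.get((company_code, user_id))
        # Hash even for unknown principals so both failure paths do the same work.
        salt, expected = record if record else (b"\0" * 16, b"\0" * 32)
        matches = hmac.compare_digest(_hash(password, salt), expected)
        if record is None or not matches:
            return None
        token = secrets.token_urlsafe(32)  # random and opaque; carries no user data
        self._sessions[token] = (company_code, user_id, now + TOKEN_TTL)
        return token

    def principal_for(self, token, now):
        """Map a presented token back to (company_code, user_id), or None."""
        session = self._sessions.get(token)
        if session is None:
            return None
        company_code, user_id, expires_at = session
        if now >= expires_at:
            del self._sessions[token]  # expired tokens are dropped on first use
            return None
        return company_code, user_id
```

Because the company code is part of the lookup key, the same user id can exist under two companies with different passwords, and a token always resolves to the company whose rating data applies.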

About the author

Bruce Johnson Canada

I am the owner of a small application development consulting company that specialized in the design and implementation of Internet-based applications. While there are others who can make a web ...
