2

I use asp.net mvc controller instead of Web Service in my project.

When I call the controller from my client app,there will be a authentication problem. If I use Web Service ,I can use SOAP Header , but now in asp.net mvc, There is no soap header.

Please help.

I am really know a little about the web security.

nicholapei
  • 53
  • 5

3 Answers3

0

You have several options.

  1. Use a request header to contain some security token.
  2. Include security tokens in the message that you send in the request body.
  3. If your application uses something like Forms Authentication, you can ask consumers to call a login action, then grab the Forms Auth cookie and include that cookie in subsequent calls.
moribvndvs
  • 42,191
  • 11
  • 135
  • 149
0

Normal way of doing this when you come to http services is to pass it in authorization header in following format (if you are doing request from fiddler)

Authorization: Basic user123:pass123

user123:pass123 string is normally base64 encoded and you have to decode it on server side, check it against user store and authenticate the user. One example can be found here

Community
  • 1
  • 1
Muhammad Adeel Zahid
  • 17,474
  • 14
  • 90
  • 155
0

Since you are not using soap. You may use a simple http way. Which means you start a HttpRequest and handle result via HttpResponse. Thus you have to simulate a authenticate action as signing in from web browser.

You need to get the security token or cookie from the reponse. And put them into your following request. Thus your controller will recognize the request's identity.

Chris Li
  • 3,715
  • 3
  • 29
  • 31