0

I'm working on a .NET application that uses WSDL to connect to another service (the service is SpiraTest). I need to call the authentication method in every request. The problem is that the service only provides a method to authenticate with a username and a plain-text password.

What would be a good way to save the username and plain password? I'm considering putting them in a session if I don't have better options.

Users log in with the credentials to use the app and I use the same credentials to contact the remote service. Users log on only once, but every time they navigate through pages that need data from the remote service, I need to authenticate using the credentials that the user gave when logging in.

MIWMIB
  • 2
    I don't know the service, but you might consider asking for a feature request that they encrypt the passwords, since plain passwords are never a great idea! – woutervs Feb 18 '14 at 09:50

2 Answers

0

Session consumes more memory on the server side and it is not a good solution for your task. What I suggest is Forms authentication in ASP.NET. It creates a cookie based on the credentials you have passed for authentication, and it will be kept in the browser until you log off from your app: http://www.codeproject.com/Articles/13872/Form-authentication-and-authorization-in-ASP-NET I hope it may solve your problem.

SULFIKAR A N
-1

I'm not familiar with ASP.NET sessions, but I'm assuming they're similar to PHP sessions. In that case, the actual session data is kept in a file on the server. If you're just trying to keep your users from seeing this password, I think that keeping them in the session would be sufficient.

However, you haven't told us exactly how this username and password come to exist and are used. If you have just one username / password that your application uses to make requests to the web service, there is no point in keeping them in the session at all - simply store them in a global config.

Jonathon Reinhart
  • Users log in with the credentials to use the app and I use the same credentials to contact the remote service. Users log on only once, but every time they navigate through pages that need data from the remote service, I need to authenticate using the credentials that the user gave when logging in. – MIWMIB Feb 18 '14 at 08:00
  • I expect that those credentials are stored somewhere to match against? In that case you could just hash their passwords. And update the database? That way a plain password would never be sent over a connection. – woutervs Feb 18 '14 at 09:52
  • @woutervs Not really, I'm using a WSDL service provided by another web service. So, hashing is not an option. But asking for a feature request is a good idea. I will try. Thanks. – MIWMIB May 09 '14 at 03:26
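
One way to keep the login credentials in the ASP.NET session for the per-request authentication call discussed in this thread, as an added example that is not part of the original posts. It goes beyond the answers by encrypting the value with `MachineKey.Protect` (.NET 4.5 or later) before it enters the session, which matters when session state is kept out of process (State Server or SQL Server); the class name, session key and purpose string are hypothetical.

```csharp
using System;
using System.Text;
using System.Web;
using System.Web.Security;

// Added example. RemoteCredentialStore, SessionKey and Purpose are hypothetical names.
public static class RemoteCredentialStore
{
    private const string SessionKey = "RemoteSvcCred";
    private const string Purpose = "RemoteCredentialStore.v1"; // binds the ciphertext to this use

    // Call once, after the user has logged in successfully.
    public static void Save(HttpSessionStateBase session, string userName, string password)
    {
        if (session == null) throw new ArgumentNullException("session");
        if (string.IsNullOrEmpty(userName)) throw new ArgumentException("userName is required");
        if (password == null) throw new ArgumentNullException("password");

        // Length-prefix the user name so either field may contain any character.
        byte[] plain = Encoding.UTF8.GetBytes(userName.Length + ":" + userName + password);
        // Encrypted and signed with the application's <machineKey> settings.
        byte[] blob = MachineKey.Protect(plain, Purpose);
        session[SessionKey] = Convert.ToBase64String(blob);
    }

    // Call before each remote request; returns false when nothing usable is stored.
    public static bool TryLoad(HttpSessionStateBase session, out string userName, out string password)
    {
        userName = null;
        password = null;
        var stored = session[SessionKey] as string;
        if (stored == null) return false;
        try
        {
            byte[] plain = MachineKey.Unprotect(Convert.FromBase64String(stored), Purpose);
            string s = Encoding.UTF8.GetString(plain);
            int sep = s.IndexOf(':');
            int len = int.Parse(s.Substring(0, sep));
            string u = s.Substring(sep + 1, len);
            password = s.Substring(sep + 1 + len);
            userName = u;
            return true;
        }
        catch (Exception) // tampered or truncated blob, or a rotated machine key
        {
            userName = null;
            password = null;
            session.Remove(SessionKey); // drop the unusable value; the user must log in again
            return false;
        }
    }
}
```

Remove the stored value at logout with `session.Remove` or `session.Abandon()`, so the credentials do not outlive the login.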