4

I'm using ASP.NET MVC2 which request methods from Web-service (My all DAO place in Web-service). For Web-service using Basic Authentication. For authentication from asp.net to web-service, I use FormsAuthentication. For this I was write WebServiceMembershipProvider inheritance from MembershipProvider. In method ValidateUser I connect to Web-service and if authentication was successfully - save ticket in cookies use FormsAuthentication.SetAuthCookie.

My question: where I must store username and password after validation: Cookies, Session or other? I need stored username and password for send it to Web-service before call methods in Credentials, for example:

MyServiceSoapClient client = new MyServiceSoapClient();
client.ClientCredentials.UserName.UserName = this.username;
client.ClientCredentials.UserName.Password = this.password;
List<Product> products = client.GetProductList();
Jason Berkan
  • 8,734
  • 7
  • 29
  • 39
viko
  • 41
  • 2

1 Answers1

1

If I understand the question correctly, you have a web-app that calls a web service that needs a user name and a password for function calls after the authentication, which is also a function call.

In your WebService class (WebServiceMembershipProvider) you inherit from MembershipProvider and make a call to MembershipProvider.ValidateUser.

If you are talking about storing more information then just that in FormsAuthentication.SetAuthCookie, then this is the answer you are probably looking for.

Other wise this has a lot of example code for working with Forms Authentication in Webservices that might help you.

Community
  • 1
  • 1
jafesler
  • 117
  • 1
  • 7
  • I know this question is old, but I need rep for a bounty on one of my own. I hope at the very least this is useful to the people that up voted it. – jafesler Nov 16 '10 at 20:59
  • We use the method of storing additional information in the FormsAuth cookie, by serializing and deserializng it into and out of UserData. It works well for us, but I'd have reservations about storing the user's password in there (though it is encrypted). – quentin-starin Nov 16 '10 at 21:25