Use Windows Authentication in Web Service

Source: Internet
Author: User

Many people know that Web services support Windows authentication, but in practice few use it well, because there are a few special points that need attention.

1. How to configure on the server

Note that the authentication mode is Windows by default, but setting this mode alone is not enough. The relevant authorization rules must be set at the same time. Do not use allow rules only: at the end of the rule list, deny all users or groups that are not explicitly allowed.
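
The authorization rules described above, as an added example that is not from the original article: a web.config that pairs Windows authentication with explicit allow rules and a closing deny. The CONTOSO domain, group and account names are hypothetical placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example web.config; the CONTOSO\... names are hypothetical placeholders. -->
<configuration>
  <system.web>
    <!-- Windows mode: IIS authenticates the caller and ASP.NET receives
         that Windows identity. On its own this restricts nobody. -->
    <authentication mode="Windows" />

    <!--
      Weak form (allow rules only):
          <authorization>
            <allow roles="CONTOSO\ServiceUsers" />
          </authorization>
      Rules are evaluated top-down and the first match wins. A caller who
      matches no rule here falls through to the inherited machine-level
      default, which allows all users, so the allow rule restricts nothing.
    -->

    <!-- Corrected form: explicit allows, closed by a deny for everyone else. -->
    <authorization>
      <!-- "?" is the anonymous user: reject unauthenticated requests first. -->
      <deny users="?" />
      <allow roles="CONTOSO\ServiceUsers" />
      <allow users="CONTOSO\svc-reporting" />
      <!-- "*" is everyone: any caller not matched above stops here. -->
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
```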

The service must be published to an IIS server for debugging. If it is not published and is debugged only in Visual Studio, some settings cannot be made, such as the type of Windows authentication mode.

2. Publish a service

Generally, "Anonymous access" must be disabled here. At the same time, you may need to select a specific authentication mode (Basic or Integrated).

If "Basic" is selected, the client can specify the user name and password dynamically. Note that the user name and password are sent in plaintext, which poses a security risk. Using it together with SSL solves this problem.

If "Integrated" is selected, the client automatically negotiates with the server to determine whether to authenticate with NTLM or Kerberos; that is, the client's Windows credentials are automatically sent to the server.

3. How to write code on the client (if the authentication mode on the server is "Basic")

4. How to write code on the client (if the authentication mode on the server is "Integrated")

Here, you only need to use the special credential DefaultCredentials, which represents the Windows identity of the current client. Obviously, in this case the client and the server must be in a trusted domain environment.

5. The "Basic" and "Integrated" authentication methods can coexist.
