Web Services Client Authentication

Authenticating a Client from Web service is the measure of security while exposing Business Applications over Internet. We will be covering the Authentication techniques of a Web services client. There are 2 ways of implementing this, Using user current credentials or the alternate credentials.


Authenticating user by Credentials


To pass the web service the user credential from the user’s desktop session,

Set the System.web.Services.Protocols.SoapHttpClientProtocol.Credentials object to System.Net.CredentialCache.DefaultCredentials.


Check out the code sample which creates a new SoapHttpClientProtocol object based on an imaginaryu web service located at http://www.xxxx.com/TestServices and configuring the object to the current user’s credential.


Com.xxx.www.TestServices server = new com.xxx.www.TestServices();

Server.credentials = System.Net.CredentialCache.DefaultCredentials


Above code causes the user name and password to be added to the HTTP Headers. IIS uses these headers for authentication.


Explicit providing of the credentials is bit complex. Let us examine the following code  which gathers the user credentials from the Command line arguments and prepares a SoapHttpClientObject object to present those credentials.


//Prompting for a username and Password


Console.WriteLine(@”Enter username in the format domain\username : “);

String username = Console.ReadLine();

Console.WriteLine(“Enter Password”);

String password = Console.ReadLine();


//Create the Web Services Object

com.xxx.www.TestServices server = new.com.xxx.www.TestServices();


//Create the Credentials object and assign it to users credentials

Networkcredential credentials = new Networkcredential(username, password)


//Assigning the value to web services credentials

Server.credentials = credentials;


One of the disadvantage to be noted is it uses Kerboros or Integrated windows authentication provided by the IIS which is not supported by Non Microsoft web services clients. WSS comes up with the standards for addressing such kind of problems. MS has comeup with WSE (Web services Enhancements) framework. Check out more information on http://msdn.microsoft.com/webservices/building/wse/default.aspx.





Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.