Securing Webservices : Asmx or WCF

Go To


i have a web service (asmx) with few methods. it is currently used by just couple of clients and they are flexible. Problem i have is that service has no security infrastructure in place and virtually anyone can call it. This behavior is not desired. what i want is to put in place some security mechanism for my service so user can pass login credentials and i also want that login of a client is remembered for some time i.e i don't have to go to db for every request. I have gone through this article and it seems good enough to me. Only thing that bugs me is that i have to check database for user authentication on every request. Is there a way, i can override (change) this behavior. I also read few articles on WSE 3.0 but enabling it in VS 2010 seems a hack and i would rather look for a cleaner alternative. Since my clients are flexible, i can move to wcf as well. If any such thing is available in wcf or asmx, please guide me in right direction.

2012-04-04 05:58
by Muhammad Adeel Zahid


WSE is obsolete and should not be used unless there are no other choices.

ASMX is a legacy technology and should not be used for new development.

WCF should be used for all new development.

2012-04-04 06:05
by John Saunders
ok, i got it. but how do i implement security (with remembering client for some time). if it is not possible then suggest any other security alternative. than - Muhammad Adeel Zahid 2012-04-04 06:07
@MuhammadAdeelZahid, Microsoft has a complete guide here, - Lex Li 2012-04-04 06:18