Deciding which security implementation is best for an XML Web service begins with looking at two key security principles: authentication and authorization. Authentication is the process of validating an identity based on credentials, such as a user name and password, against an authority. Once an identity has been authenticated, authorization determines whether the identity is authorized to access a resource.
From this knowledge base, you will know how to secure Web Services with Windows Authentication, please follow the steps below
1. To enable XML Web service for Windows authentication
-- Enable password protect for web service folder from hosting control panel-->IIS Manager-->Password protection, please click
here for details
2. To pass client credentials to an XML Web service using Windows authentication
2.1. Create a new instance of the proxy class to the XML Web service.
2.2. Create a new instance of the NetworkCredential class, setting the UserName, Password and Domain properties.
2.3. Create a new instance of CredentialCache.
2.4. Add the NetworkCredential to the CredentialCache using the Add method of CredentialCache.
2.5. Assign the instance of CredentialCache to the Credentials property of the proxy class.
The following code example sets the client credentials passed to an XML Web service method using Windows authentication.
VB
Imports System
Imports System.Web.Services.Protocols
Imports System.Net
Imports MyMath
Public Class Calculator
Public Shared Sub Main()
' Create a new instance of the proxy class to an
' XML Web service method.
Dim mathproxy As MyMath.Math = New MyMath.Math()
' Create a new instance of CredentialCache.
Dim mycredentialCache As CredentialCache = New CredentialCache()
' Create a new instance of NetworkCredential using the client
' credentials.
Dim credentials As NetworkCredential = New _
NetworkCredential(UserName,SecurelyStoredPasword,Domain)
' Add the NetworkCredential to the CredentialCache.
mycredentialCache.Add(New Uri(mathproxy.Url), "Basic", _
credentials)
' Add the CredentialCache to the proxy class credentials.
mathproxy.Credentials = mycredentialCache
' Call the method on the proxy class.
Dim result As Integer
result = mathproxy.Add(3,5)
End Sub
End Class
c#
using System;
using System.Web.Services.Protocols;
using System.Net;
using MyMath;
public class Calculator
{
public static void Main()
{
// Create a new instance of the proxy class to an XML
// Web service method.
MyMath.Math math = new MyMath.Math();
// Create a new instance of CredentialCache.
CredentialCache credentialCache = new CredentialCache();
// Create a new instance of NetworkCredential using the client
// credentials.
NetworkCredential credentials = new
NetworkCredential(UserName,SecurelyStroredPassword,Domain);
// Add the NetworkCredential to the CredentialCache.
credentialCache.Add(new Uri(math.Url),
"Basic", credentials);
// Add the CredentialCache to the proxy class credentials.
math.Credentials = credentialCache;
// Call the method on the proxy class.
int result = math.Add(3,5);
}
}
For more details on how to secure Web Services, please click
here