Friday, July 21, 2006

Webservice Authentication

Suppose you have a collection of webservices resides in some server. You would like not to give a public access to these webservices. What shall you do?

Actually, you need some how an authentication mechanism to compromise the accessablity. One soultion would be to make an authentication webservice. Any client wants to access your webservices, should call it first. This webserice simply will take 2 parameters: username and password. The return value would be a hashcode.

This hash code could be used afterward in accessing any other webservice. The interfaces for example for your webservices could be something like that:


string wsAuthenticate(string username, string password)
string wsAnyOtherWebservice(string accessCode, ... )

As you see, the returned hash code (access code) form wsAuthenticate will be used in accessing the other webservices and the client will not be able to get the service unless he have an account in your system.