NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

ASP+ Web Services Security

ASP+ Web Services are secured using the same mechanisms as any other ASP+ resource. Developers and administrators utilize the ASP+ Web Service’s activating .ASMX file to set all authentication and authorization policy.

ASP+ authenticates and authorizes access to all ASP+ Web Service using the Windows authentication system provided by IIS. This enables developers and administrators to enable either Basic, Digest or NTLM protocol level authentication for a particular application, directory or individual web service, and then authorize access to individual resources using NT based file ACLs.

Alternatively, developers and administrators can enable custom ASP+ authentication, either via passport or a custom cookie based scheme. The advantages of these solutions over the Windows authentication approach are that applications are no longer required to maintain a separate NT account for each user. Instead they can either utilize a Internet wide credential system in the case of passport, or role their own credential validation system, such as looking up usernames/passwords in a database, with the custom cookie based scheme.

Important: Note that in this release, the client proxy classes supplied do not support either the passport or custom cookie based authentication schemes. It will be possible to utilize these authentication solutions with a custom client such as if a user was accessing the web service directly from WinInet. However, the automatic SDL based proxy classes are disabled. Users should enable Basic, Digest or NTLM based credential validation.