Re: Working as sessions

First, let me recommend against posting signed e-mail to this list.  The list 
manager does not forward it as a signed message.

As for your question, here are some alternatives I gave in a previous post to 
this list.

1. Use HTTP Basic Authentication.  You set up your Web server to require the 
auth and the client must supply it.  It is sent as plain text, so it is less 
secure than some other methods.

2. Use HTTP Basic Authentication with SSL.  This "fixes" the plain text 
problem, as the SSL payload is encrypted.

3. Use SSL with client certificates.  This is an administrative nightmare if 
you have lots of clients, since you will have to issue lots of certs and 
register them on your server.

4. Use HTTP Digest Auth (instead of Basic Auth), which the NuSOAP client now 
supports.

5. Create your own SOAP methods for auth.  A method named something like 
"login" takes a user and password, then returns an authentication token that is 
supplied as a parameter to other calls.  This requires some real coding on the 
back end.

6. A variation on #5, supply registered users with an authentication token that 
they will use as a parameter for all calls.  As with #5, this requires coding 
on your part to lookup the token, etc.

7. There is probably some sort of standard under development by WS-Interop, 
OASIS, W3C, or all of them, but I would not expect broad support among SOAP 
implementations.

Scott Nichol

Do not send e-mail directly to this e-mail address,
because it is filtered to accept only mail from
specific mail lists.

----- Original Message ----- 
From: "Pablo Fischer" <pablo@xxxxxxxxxxxx>
To: <nusoap-general@xxxxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, May 19, 2004 1:52 AM
Subject: [Nusoap-general] Working as sessions


Hi!

Well, I'm looking for comments about a problem:

I have a webservice where I want my users to log in into the system, and
if they are logged on they can use any of the methods that the
webservice has, which is the best solution? send with every webservice
call the username and password (md5ed of course) and validate this
information in every call? or any other ideas?

Thanks!
Pablo
-- 
Pablo Fischer Sandoval (pablo [arroba/at] pablo.com.mx)
Fingerprint:  5973 0F10 543F 54AE 1E41  EC81 0840 A10A 74A4 E5C0
http://www.pablo.com.mx 
http://www.debianmexico.org



-------------------------------------------------------
This SF.Net email is sponsored by: SourceForge.net Broadband
Sign-up now for SourceForge Broadband and get the fastest
6.0/768 connection for only $19.95/mo for the first 3 months!
http://ads.osdn.com/?ad_id%62&alloc_ida84&op=click