Summary

Depending on the processing your web service performs, you might want to control which users can access the service methods. In this chapter you learned how to authenticate the users who connect to your site. Using the Internet Information Services, you can specify an application’s authentication requirements. As you learned, most websites and web services do not require user authentication. Programmers and administrators refer to users who have not been authenticated as anonymous users.

Next you learned that, using basic authentication, you can require a user to provide a username and password that correspond to a user account on the server. The problem with basic authentication is that the client program will send the username and password to the server as plain text, which a hacker can intercept and view. If you are using a Windows 2000 domain server, you can instead use digest authentication that protects the password information during network transmissions using a one-way hash function. Then, you examined forms authentication, which requires the use of cookies and client digital certificates that a server can request to authenticate a user. Finally, you learned how to create a NetworkCredentials object within your program that you can use to send username and password data to a web service that requires authentication.

In Chapter 9, you will learn how to encrypt the messages between a web service and client program using the secure sockets layer.