Web services Authentication Jungle

Posted by redben on Stack Overflow See other posts from Stack Overflow or by redben
Published on 2010-05-18T10:31:22Z Indexed on 2010/05/19 23:30 UTC
Read the original article Hit count: 272

Filed under:

web-services

|

authentication

I have been doing some research lately about best approaches to authenticating web services calls (REST SOAP or whatever). ~~But none of the Approaches convinced me...~~ But i still can't a make a choise...
Some talk about SSL and http basic authentication -login/password- which just seems weird for a machine (i mean having to assign a login/password to a machine, or is it not ?).
Some others say API keys (seems like these scheme is more used for tracking and not realy for securing).
Some say tokens (like session IDs) but shouldn't we stay stateless (especially if in REST style) ?

In my use case, when a remote app is calling one of our web services, i have to authenticate the calling application obviously, and the call must - if applicable - tell me which user it impersonates so i can deal with authorization later.

Any thoughts ?

© Stack Overflow or respective owner

Related posts about web-services

Testing your Web services using the Data Web Services Test Client

as seen on Internet.com - Search for 'Internet.com'
Paul Zikopoulos introduces you to the Data Web Services Test Client that's available in IBM Data Studio Version 1.2 or later >>> More
Webservices error for dev.virtualearth.net/webservices/geocode

as seen on Stack Overflow - Search for 'Stack Overflow'
I am getting the following stacktrace and have no idea what I am looking at and how to debug and fix it: Here is the error: Description: An error occurred during the parsing of a resource required to service this request. Please review the following specific parse error details and modify your… >>> More
Setting up Metro 2.0 with Jetty 7

as seen on Stack Overflow - Search for 'Stack Overflow'
This question relates to a previous question of mine. I am attempting to set-up a low overhead Web Container using Jetty 7 that I can deploy Web Services using Metro 2.0. I have installed the following Metro 2.0 libs into jetty/lib: webservices-extra-api.jar webservices-extra.jar webservices-rt… >>> More
Interview questions about ASP.NET Web services.

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I have seen there are lots of myth’s about asp.net web services in fresher level asp.net developers. So I decided to write a blog post about asp.net web services interview questions. Because I think this is the best way to reach fresher asp.net developers. Followings are few questions about asp.net… >>> More
Service-Oriented Architecture and Web Services

as seen on DotNetBlocks - Search for 'DotNetBlocks'
Service oriented architecture is an architectural model for developing distributed systems across a network or the Internet. The main goal of this model is to create a collection of sub-systems to function as one unified system. This approach allows applications to work within the context of a client… >>> More

Related posts about authentication

Configuring Fed Authentication Methods in OIF / IdP

as seen on Oracle Blogs - Search for 'Oracle Blogs'
In this article, I will provide examples on how to configure OIF/IdP to map OAM Authentication Schemes to Federation Authentication Methods, based on the concepts introduced in my previous entry. I will show examples for the three protocols supported by OIF: SAML 2.0 SSO SAML… >>> More
windows authentication vs sql server authentication for asp.net forms authentication site

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a database and a site having forms authentication. It is working fine with VS2008. This time, I am using "Trusted_connection =True". But when it is opened from outside or directly from browser then I am getting error "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'." I know this is due… >>> More
Disable authentication on subfolder(s) of an ASP.NET app using windows authentication

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, Is it possible to disable windows authentication on one or more subfolders of an ASP.net application using windows authentication? >>> More
AutoCompleteExtender - authentication failure (forms authentication)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm using the AutoCompleteExtender from the AJAX control toolkit on my aspx page - I have it wired up to a WCF service that is returning a string array and everything works happily. If I change my service definition to include a demand for the caller to be authenticated, like so: <OperationContract()… >>> More
Ruby on Rails , functionalities having twitter authentication and email authentication (autlogic and

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi Experts, I would like to ask your guidance on how to authenticate using email add/ the basic log-in while having also a twitter log-in, twitter authentication works fine but if having an alternative log-in like using basic sign-up and email log-in part wont work.... any ideas please...? >>> More