Share via


Securing Data Services

We have received a lot of questions lately about how to authenticate calls to an ADO.NET Data Service.  Mike Taulty has created a nice post outlining some of the options for authenticating calls to data services.  Check it out here: https://mtaulty.com/CommunityServer/blogs/mike_taultys_blog/archive/2008/05/27/10447.aspx

 

-Mike Flasko

ADO.NET Data Services Framework, Program Manager

Comments

  • Anonymous
    July 29, 2008
    That blog post doesn't really answer the original question, of how to use HTTP Basic authentication, presumably to operate in a web-friendly manner regardless of the client consuming the service. It just side-steps the problem by using forms based authentication (in a hackish type way mind you), and in a .NET biased approach that wouldn't work well with other frameworks.I would hope this scenario is improved with a proper ASP.NET provided Basic Auth solution and the ability to call services from a web browser without resorting to using ASP.NET AJAX auto JS generated proxies.
  • Anonymous
    October 01, 2008
    A simpler approach I use is on the SendingRequest event handler for the data service add a request header with a key. Then on the data service server for a asp.net app in the Application_BeginRequest event look for requests made to the data service url and if the request header is missing end the request.var db= new ModelEntities(new Uri("http://service.svc");entities.SendingRequest += new db_SendingRequest(object sender, SendingRequestEventArgs e);protected static void db_SendingRequest(object sender, SendingRequestEventArgs e){   e.Request.Headers.Add("auth", "secretkey");}void Application_BeginRequest(object sender, EventArgs e){   if (Request.RawUrl.ToLower().Contains("service.svc"))   {       if (Request.Headers["auth"] != "secretkey")           Response.End();   }}
  • Anonymous
    November 27, 2008
    In the ASP.NET web application where i added ado.net data service as well as Entity Data model , there is no additional ascx file , so how can i put this method like  Application_BeginRequest()and how this can be workable in my project.Offcourse i add a request header with a key in my client application.Please help me out.Thanks
  • Anonymous
    February 17, 2009
    In the Mike's blog the example shows how to authenticate from within asp.net and how to use the AJAXscript library. But, how to authenticate from within Silverlight 2? (At the time of writing the article (27 may 2008), the SL2 wasn't available yet. The SL 2 version of .Net 3.5 doesn't include all the possibility that included in the full version. Thanks
  • Anonymous
    July 07, 2009
    Thank you for the suggestion and code, Michael.  This works for me.
  • Anonymous
    October 26, 2009
    Why I get 401 error when consume DataService svc using credentials through ISA proxy but no error when directly connect to dataservice server?
  • Anonymous
    June 23, 2013
    Dude this is silly what where you guys thinking when developing this awful platform. There is no easy way of authenticating the wcf data service and thats a major issue!!