How to get user identity between differents web Services

Hello.

I have 2 web service projects. The first is WSAuthentication and has the Autenticate method; the second project is a web service called WSOrders and hast the SaveOrder method.

If I authenticate an user in WSAuthentication.Authenticate method, I can get user identity, but if WSOrders.SaveOrder method is invoke, I can't get the user identity.

Handling session doesn't work because that information doesn't passes between these web services. I don't want to put together both projects (build 1 project) to keep separeted design and implementation

What can I do to keep user identity in differents web services (in different DLL)

Thank you for help.

Edgar Lopez

.NET Development4

Hello, you likely need to enable impersonation in your first web service. that way your web service will act as the authenticated user when it calls the second web service.

here are some links that may help:

specifically related to authentication and impersonation:

http://msdn2.microsoft.com/en-us/library/aa302383.aspx#secnetch03_flowingidentity

good general information about web site security:

http://msdn.microsoft.com/practices/compcat/default.aspx pull=/library/en-us/dnnetsec/html/secnetlpmsdn.asp

and web service security:

http://msdn.microsoft.com/practices/compcat/default.aspx pull=/library/en-us/dnpag2/html/wssp.asp

hope this helps

thanks

Alex

Alex,

Thank you for the reading material. I'm downloading the material rigth now, so, I'll let you know what it's going on.

Edgar