Membership/role providers vs. transaction!
-
Hi folks, I got a general question that I cannot find the answer for. Consider a 3-tier application architecture with a Web Service handling the business layer (BL) logic. The BL provides the client the facility to create/update/delete or query any given Employee account within the system. Each employee has got a username/password pair that's supposed to be stored in the *aspnetdb* database using the Membership API. The question is how a client is supposed to create an employee account with one web method, and create a new user name with another web method, *transactionally* under a *stateless* web service?
[WebMethod] void CreateEmployee(Employee employee) { }
[WebMethod] void CreateUser(string username, string password) {}
How am I supposed to keep the integrity of the system? Maybe, you suggest the following WebMethod instead of those two:
void CreateEmployee(Employee employee, string username, string password) {}
However, this introduces a new bunch of problems under the UpdateEmployee/DeleteEmployee and the like methods. What should be done to handle the issue rationally? Thank you for your time, Mehdi
-
This may help you understand web service security: http://www.15seconds.com/issue/020312.htm
-
Here's another link: http://samples.gotdotnet.com/quickstart/aspplus/doc/secureservices.aspx
-
This may help you understand web service security: http://www.15seconds.com/issue/020312.htm
Oops! You simply didn't get my point. :( I didn't ask you how to develop a "secure web service"! I was just talking about ASP.NET Membership/Role providers and how to get the job done under a given transaction. It has got nothing to do with SOAP headers, nor the IIS A&A mechanisms. Anyway, thanks.
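-
An added example, not written by anyone in this thread: one way to implement the single-method CreateEmployee variant from the question, using compensation instead of a distributed transaction, so that a failed employee insert does not leave a login in aspnetdb. It assumes the default SqlMembershipProvider (Guid user keys); the Employee field, the connection string name "EmployeeDb" and the table dbo.Employees are hypothetical.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Web.Security;
using System.Web.Services;

public class Employee
{
    public string FullName;   // hypothetical field, stands in for the real Employee data
}

public class EmployeeService : WebService
{
    [WebMethod]
    public void CreateEmployee(Employee employee, string username, string password)
    {
        // Step 1: create the login in aspnetdb. Throws MembershipCreateUserException
        // (duplicate name, rejected password, ...) before any employee data is written.
        MembershipUser user = Membership.CreateUser(username, password);
        try
        {
            // Step 2: insert the employee row, keyed by the membership user id.
            InsertEmployee((Guid)user.ProviderUserKey, employee);
        }
        catch
        {
            // Compensate: delete the login so no credential exists without an employee.
            Membership.DeleteUser(username, true);
            throw;
        }
    }

    private static void InsertEmployee(Guid userId, Employee employee)
    {
        // "EmployeeDb" and dbo.Employees are assumed names, not from the thread.
        string cs = ConfigurationManager.ConnectionStrings["EmployeeDb"].ConnectionString;
        using (SqlConnection conn = new SqlConnection(cs))
        using (SqlCommand cmd = new SqlCommand(
            "INSERT INTO dbo.Employees (UserId, FullName) VALUES (@id, @name)", conn))
        {
            cmd.Parameters.AddWithValue("@id", userId);
            cmd.Parameters.AddWithValue("@name", employee.FullName);
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }
}
```

Compensation is not a true transaction: if Membership.DeleteUser itself fails, the login remains without an employee row, so a periodic check for membership users with no matching employee is still worth running.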