Can't webservices, being delivered over HTTP, make use of cookies, and the session values stored therein? Then you only need to program the service consumer to recognize set-cookie headers, and send cookie headers with each request.
I haven't used webservices outside of the built-in flash remoting stuff, which supports sessions via cookies. Are cookies verboten in more standardized webservices?
Nat Papovich wrote:
So Barney, you have an additional required parameter on all your methods (other than beginSession())?
NAT
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Barney Boisvert Sent: Monday, April 12, 2004 10:27 AM To: [EMAIL PROTECTED] Subject: RE: [CFCDev] web services authentication
We've set it up to use a session ID. First method called by a client is beginSession() which takes a set of credentials, and returns an ID. That id is then passed with all future invocations. Those IDs are used to map directly back to our standard client management system through the web service facades.
Cheers, barneyb
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nat Papovich Sent: Monday, April 12, 2004 10:20 AM To: CFC Subject: [CFCDev] web services authentication
I'm interested to know if anyone is securing their published web service CFCs, and if so, how they are doing it. Is anyone using the username and password attribute of the cfinvoke tag?
NAT
Nat Papovich Senior Partner & Development Director Fusium, Inc. 503-226-7099
---------------------------------------------------------- You are subscribed to cfcdev. To unsubscribe, send an email to [EMAIL PROTECTED] with the words 'unsubscribe cfcdev' in the message of the email.
CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com).
An archive of the CFCDev list is available at www.mail-archive.com/[EMAIL PROTECTED]
---------------------------------------------------------- You are subscribed to cfcdev. To unsubscribe, send an email to [EMAIL PROTECTED] with the words 'unsubscribe cfcdev' in the message of the email.
CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com).
An archive of the CFCDev list is available at www.mail-archive.com/[EMAIL PROTECTED]
----------------------------------------------------------
You are subscribed to cfcdev. To unsubscribe, send an email
to [EMAIL PROTECTED] with the words 'unsubscribe cfcdev' in the message of the email.
CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com).
An archive of the CFCDev list is available at www.mail-archive.com/[EMAIL PROTECTED]
--
Ben Curtis
WebSciences International
http://www.websciences.org/
v: 310 478 6648
f: 310 235 2067----------------------------------------------------------
You are subscribed to cfcdev. To unsubscribe, send an email
to [EMAIL PROTECTED] with the words 'unsubscribe cfcdev' in the message of the email.
CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com).
An archive of the CFCDev list is available at www.mail-archive.com/[EMAIL PROTECTED]
