Best Webservice Authorization Methods

Question

Best Webservice Authorization Methods

I am creating a webpage associated with the web service being created.

now the webpage is simple. I can create a session to store login information that is passed to the web service with my jquery url calls to the web service.

but how to do this if there is access to my web service (client-side access through javascript ajax) on another website of another domain? will this call my webservice / login? userid = & password =, which returns sessionID, should this website remember sessionID and enable it on every call? example: order / outbound / create? address = & item = & companyName = & sessionID = 435hg34kh

?

I appreciate any help I could get on this topic.

not that it really has to do with the above question (I think), I program webservice in php.

+4

authentication web-applications login web-services

roguecoder Apr 15 '11 at 6:45

source share

1 answer

snowflake · Answer 1 · 2011-04-15T09:19:57+0000

Authentication using web services depends either on the HTTP / Soap protocols or in the service contract (a token is usually used).

The solution based on the first call, which receives the identifier and then exchanges the session identifier, is good for a call on the client side (which does not have access to HTTP / Soap protocols, only service parameters, in this case you usually use light Web services based on Rest).

A business party call can also be based on Basic Authentication or WS-Security. Ebay uses your approach for its web services, which are usually called from business applications (and not directly from the client’s browser).

One consequence is that the server and client must support the session token. Ultimately, you'll need a revocation service that logs out (preventing reuse of the login token).

Basic approach for cross domain. Javascript HTTP request registered here

Best Webservice Authorization Methods

More articles: