1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
<html dir="ltr"><head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<META HTTP-EQUIV="assetid" CONTENT="HV01082332"><META NAME="lcid" CONTENT="1033"><title>Authenticating Research Service Users</title><link rel="stylesheet" type="text/css" href="office10.css"><script type="text/javascript" language="Javascript" src="ExpCollapse.js"></script><script type="text/javascript" language="JavaScript" src="inline.js"></script></head><body><p id="ExpandAllLine" class="ExpFav"><a href="#" onclick="ExpandAll()" onkeypress="ExpandAll()" class="DropDown"><img id="picHeader" border="0" src="expandtri.gif" alt="Show All"><span id="ExpandAll">Show All</span></a></p><h1>Authenticating Research Service Users</h1><p><b>Note</b> A complete discussion of authentication and authorization as it relates to XML Web services is beyond the scope of this SDK. For more information, see <a href=" " target="_new">ASP.NET Web Application Security</a> and related topics in the Microsoft® .NET Framework SDK.</p><p><a href="#" class="DropDown" onclick="Outline2()" onkeypress="Outline2()"><img border="0" src="blueup.gif" alt="Show">Authentication options</a></p><div id="ExpCol" class="collapsed" border="0"><p>If you need to collect fees from the users of your research service, restrict access to the service or to server-based resources used by the service, or if you just want to track the use of your service more effectively, you can authenticate users of your service. This requires them to identify themselves when they query the service. You can use any of the authentication options available in Microsoft Internet Information Services (IIS) and the Microsoft .NET Framework (except ASP.NET Passport authentication).</p>
<p><b>Note</b> Note that applying IIS Directory Security has no effect on ASP.NET authentication. The two systems are independent and are applied in sequence. After selecting authentication options, you must authorize authenticated users (or the account used for anonymous access) to access any resources required by the research service, such as files or databases. ASP.NET impersonation (enabled in the web.config file) may facilitate certain authentication and authorization scenarios.</p><p>IIS provides the first level of authentication and supports four authentication methods, consisting of the default Anonymous (no authentication) option and three options that require users to identify themselves as Microsoft Windows user accounts: Basic, Digest, and Integrated Windows Authentication.</p><p>ASP.NET provides the second level of authentication, consisting of options selected through settings in the web.config file.<ul><li><b class="bterm">Windows authentication</b> (the default) receives the user identity recognized by IIS. ASP.NET Windows authentication, in conjunction with IIS Integrated Windows authentication, will often be the choice of research service providers within an enterprise where all users are members of the same domain or a group of trusted domains.</li><li><b class="bterm">Forms authentication</b> requires the user to provide credentials and verifies those credentials against a source of the provider's choosing, such as a Microsoft SQL Server™ database. Forms authentication, in conjunction with IIS Anonymous authentication, will often be the choice of research service providers serving external users across the Internet.</li></ul></p>
<p><b>Note</b> Currently, the <b class="bterm">Research</b> task pane does not support ASP.NET Passport authentication.</p></div><p><a href="#" class="DropDown" onclick="Outline2()" onkeypress="Outline2()"><img border="0" src="blueup.gif" alt="Show">Implementing ASP.NET Forms authentication</a></p><div id="ExpCol" class="collapsed" border="0"><p>When a user submits a query to a research service that requires authentication using ASP.NET Forms authentication, the provider should remember the user's original query on the server (in <b class="bterm">Session</b> state, for example), then return a login form to the <b class="bterm">Research</b> task pane, as in the following sample response packet fragment:<pre><code><ResponsePacket xmlns="urn:Microsoft.Search.Response">
<Response domain="{5a1ff98f-2024-4c8e-ac9d-2d764c1f1379}">
<Status>SUCCESS</Status>
<Range>
<Results>
<Form xmlns="urn:Microsoft.Search.Response.Form"
revision="1">
<Edit id="UserID" width="20">
<Text>User Name:</Text>
</Edit>
<Edit password="true" id="Passwd" width="20">
<Text>Password</Text>
</Edit>
<Button id="SubmitButton" action="requery"
submitUrl=
"https://www.service.com/search.asmx" >
<Text>Log On</Text>
</Button>
</Form>
...
</code></pre></p><p>After processing the user's login, the provider should return the results of the user's original query. As shown in the example, the <b class="bterm">submitUrl</b> attribute can be used to submit the user's credentials to a URL that supports Secure Sockets Layer (SSL) encryption for additional security.</p><p>For more information about using forms in query responses, see <a href="rsQueryInterface.htm" id="HV01082269" lcid=" ">Handling Queries</a>.</p></div><p><a href="#" class="DropDown" onclick="Outline2()" onkeypress="Outline2()"><img border="0" src="blueup.gif" alt="Show">Requesting payment for research services</a></p><div id="ExpCol" class="collapsed" border="0"><p>Research service scenarios that involve the authentication of registered users may also involve fee-based services. The <b class="bterm">Research</b> task pane uses a for-pay icon <img border="0" src="../img/1643.GIF" alt="For-pay icon"> to identify content that requires payment.</p><p>Research service providers can use the <b class="bterm">forPay</b> attribute with various elements in the <b class="bterm">Microsoft.Search.Response.Document</b> and <b class="bterm">Microsoft.Search.Response.Content</b> namespaces in a query response to display the for-pay icon automatically next to the text of a hyperlink. The following example uses the <b class="bterm">Hyperlink</b> element from the <b class="bterm">Microsoft.Search.Response.Content</b> namespace.</p><p><pre><code>
<Hyperlink url=”http://foo” forPay=”true”>
<Text>Read this article now</Text>
</Hyperlink></code></pre>
</p><p>A typical scenario for the use of the <b class="bterm">forPay</b> attribute and icon might consist of a <b class="bterm">NewQuery</b> element that triggers a new query, resulting in a charge. The service provider may want to display the for-pay icon next to the hyperlink for submitting the new query as shown earlier. This SDK also includes the icon as a separate file (forPay.gif) to allow research service developers to display the icon in contexts where the <b class="bterm">forPay</b> attribute is not available to display it automatically. Alternatively, the service provider can use another icon of its choosing.</p><p>For more information about the elements that support the <b class="bterm">forPay</b> attribute, see <a href="rsxsdResponseDocumentDocs.htm" id="HV01087690" lcid=" ">Microsoft.Search.Response.Document Schema Documentation</a> and <a href="rsxsdResponseContentDocs.htm" id="HV01087688" lcid=" ">Microsoft.Search.Response.Content Schema Documentation</a>.</p></div><center><a href="XMLSchemaCopyright_HV01147162.htm">©2003-2004 Microsoft Corporation. All rights reserved.</a>
Permission to copy, display and distribute this document is available at: <a
href="http://r.office.microsoft.com/r/rlidAWSContentRedir?AssetID=XT010988631033&CTT=11&Origin=HV011232471033"
target="_new">http://msdn.microsoft.com/library/en-us/odcXMLRef/html/odcXMLRefLegalNotice.asp</a></center></body></html>
|
