Got it. It looks like for my purposes it will be easiest to implement it using AD/local Windows accounts. I did try to implement it by extending the SOAP headers, but I couldn't make the reference in Visual Studio work anymore and I couldn't make the web service client connect.
My current plan is to create one user designed to access the web services and then embed that user's login information in the web services client. This will secure the web services against access by the general public. Any other access/permissions issues will be handled at the application level. So for my application I will have a separate login process which will then classify the user's roles and permissions. In the background the web service client will use the Windows account in order to be allowed to make web service calls.