Howdy, Stranger!
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.6K Microsoft Dynamics NAV
- 18.7K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 115 Navision DOS
- 854 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 615 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 304 Dynamics CRM
- 109 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 993 SQL General
- 384 SQL Performance
- 34 SQL Tips & Tricks
- 34 Design Patterns (General & Best Practices)
- Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.7K General
- 1.1K General Chat
- 1.6K Website
- 79 Testing
- 1.2K Download section
- 23 How Tos section
- 260 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions
Using Nav authentication for website login
G8tor
Member Posts: 29
Hi
Im programming ASP.NET website that use Nav 2009 web services. This website needs to have user authentication system that authenticates users with login form at the beginning of the site.
Is it possible for me to do the authentication from the Nav side instead of creating new authentication system in .NET with SQL database and the overhead that comes with it.
My idea is that the login form sends the user and password through Nav codeunit webservice to function that validates the username and password and gives the respond back to the site that the use is authenticated or not. This will save me alot of work in .NET.
Is it possible, how and is there some security issues that I need to be aware of?
Im programming ASP.NET website that use Nav 2009 web services. This website needs to have user authentication system that authenticates users with login form at the beginning of the site.
Is it possible for me to do the authentication from the Nav side instead of creating new authentication system in .NET with SQL database and the overhead that comes with it.
My idea is that the login form sends the user and password through Nav codeunit webservice to function that validates the username and password and gives the respond back to the site that the use is authenticated or not. This will save me alot of work in .NET.
Is it possible, how and is there some security issues that I need to be aware of?
0
Comments
Also have a look at asp.net membership providers, these are designed for building authentication systems.
You can use the webservice for user validation. We have such an authentication already running with may of our customers.
Things to take in mind is security. Don't store the passwords plaintext, but use a hash and so. Only give one error: bad username/password combo.
If you start specifying the error for the user, it's not helping him, but potential attackers.
Other security measures also apply, but nothing specific for NAV or webservices
|To-Increase|
Of course using plain text would be very bad idea... You need at least a SSL encryption of your webservice and your website too (IMO). Please consider reading about login machanism etc in the net. There should be tons of articles about it. I definitly recommend codeproject.com for anything related with .net, asp.net, etc.
Yes, but my point was more that the users might be customers. And there is no way that I would recommend to create a windows user (and profile) for external users...
|To-Increase|
If it's about customers i would definitly use ASP.net Membership Providers, they are designed for that. Don't reinvent the wheel.
Thanks for the reply.