+1-888-365-2779
Try Now
More in this section

Forums / Developing with Sitefinity / Using TelerikMembershipProvider object in a webservice

Using TelerikMembershipProvider object in a webservice

4 posts, 0 answered
  1. Marc
    Marc avatar
    2 posts
    Registered:
    04 Jan 2011
    05 Jan 2011
    Link to this post
    I am attempting to instantiate and use the TelerikMembershipProvider object in a webservice.  So far I have done the following:

    1.  Create a standard webservice utilizing .Net 3.5.
    2.  Add references to Telerik.DataAccess, Telerik.Framework and Telerik.Security to the project.
    3.  Added the following line to my WebMethod:
    TelerikMembershipProvider foo = new TelerikMembershipProvider();
    4.  Added the membership and framework sectionhandlers to the section group in web.config.
    5.  Added the membership config section to web.config.
    6.  Added the security config section to web.config.
    7.  Added a ConnectionString section to web.config.
    8.  Added a RoleManager section to web.config.

    Note: the items in 5-8 were copied from the web.config of a standard SiteFinity website my company is creating, so I believe the properties are correct.  At any rate they seem to match all of the examples I have been able to find on the web.

    My first question is whether this notion of using the membership provider in a web service is even feasible?

    My second question pertains to whether there are config sections required by the membership provider other than the ones listed above.

    My third question stems from the fact that when the line from #3 above is run there is no exception thrown but it does not appear to be initialized from the values in the membership config section (applicationName, number of password attempts, etc).  It is initialized to all 0s and nulls.  Is there an additional initialization step required when instantiating the object from a webservice?

    Thank you for your attention to these queries.

    Marc
  2. Radoslav Georgiev
    Radoslav Georgiev avatar
    3370 posts
    Registered:
    01 Feb 2016
    05 Jan 2011
    Link to this post
    Hi Marc,

    Thank you for using our services.

    The membership provider can be used in web services. However these web services should be running in the context of the Sitefinity website. Otherwise the providers will not initialize. In a nutshell you should create the service and host it on the Sitefinity website. Then you will call it externally and will use the service to return results.

    Best wishes,
    Radoslav Georgiev
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Marc
    Marc avatar
    2 posts
    Registered:
    04 Jan 2011
    05 Jan 2011
    Link to this post
    Thank you for your response Radoslav,

    Our concern is that the SiteFinity site we are building is public-facing but we do not want the webservice to be exposed to the public, it is for interfacing with sensitive customer data in a back-end database.

    Our understanding is that if we include the webservice as part of the SiteFinity site then anyone can discover it and call it.  We are trying to refrain from implementing extra security in the webservice to keep it as fast as possible.

    Do you have any suggestion for including a webservice in a SiteFinity site but hiding it from the public.  Would it be possible to disable the discovery process via removal of .disco files?  Just shooting in the dark here and hoping that you have already run into this situation.

    Thanks,
    Marc
  4. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    09 Dec 2016
    05 Jan 2011
    Link to this post
    Hello Marc,

    One of the option is adding the web service under Sitefinity folder of the application which will require someone that want to use it to authenticate them before that. Another option is adding username and password as parameters of the case sensitive methods, so only users with an account will be able to get access to the services.

    Best wishes,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
Register for webinar
4 posts, 0 answered