November 28, 2001 - Avoiding Repeated Authentication

Yehuda Shiran November 28, 2001
Avoiding Repeated Authentication
Tips: November 2001

Yehuda Shiran, Ph.D.
Doc JavaScript

Some Web applications, especially in the personal and financial information areas, require Secure Sockets Layer (SSL) authentication to verify the identity of the caller. Some user scenarios, such as online stock trading, may require several calls to the Web service.

The use of Web services over HTTP is stateless. i.e. it does not have any history. Each remote method call to a Web service is independent of the previous calls, and cannot share any information already sent to the remote service. When each call involves authentication, repeated requests for authentication result in a frustrating and impractical user experience.

The WebService behavior does include SSL authentication data (username and password), but it does not persist this data by default. Instead, the WebService behavior provides the useOptions object, which can be used to keep the authentication information from one call to the next. The useOptions object enables the persistency of the SSL authentication information.