>>>Connection information would normally be stored in the web.config file in the Web Service virtual directory.
>>
>>What's the syntax for accessing information stored in a web.config file?
>
>Probably something easy enough to find in documentation. <g>
>
>Naomi's reply is correct, but it is based on the old, 1.1 way of doing it. Things changed in 2.0 (but both syntaxes still work ... we have not gotten around to changing ours from the old way).
>
>

>// obsolete, but still works fine
>this.MyConnectionString = System.Configuration.ConfigurationSettings.AppSettings["ConnectionString"];
>
>// replaced with this: (be sure to add reference to System.configuration to the project)
>this.MyConnectionString = System.Configuration.ConfigurationManager.AppSettings["ConnectionString"];
>

>
>>So if I need to return a Customer record, then the WS would have a GetCustomer method, which would call GetCustomer
>>on a Customer class, which is then passing the request to a data access layer?
>
>Right. And we always return a string from a Web Service when we're returning data. So, to return a DataSet from the Web Service method, simply return this and your DataSet will get serialized to an XML string:
>
>

>return MyDataSet.GetXml();
>

>
>>I'm not sure what I mean. I guess I'm wondering what's stopping anyone at all from accessing the data through
>>the WS. Do I handle security in the DB? Or is there another approach?
>
>Well, https would certainly prevent anyone from accessing it without the proper credentials.

Not true I'm afraid. HTTPS ensures data is encrypted but has nothing to do with Authentication/Authorisation.....

Don't ask me how to set up https though, because I don't know ... sorry. It's not a part of what I do that I need to know (I don't do the installation stuff <g> and I don't know much about IIS and security, etc. Sorry).
>
>~~Bonnie