Hi Christian,
We also have something similar going on. Our application exposes APIs and we don't want our clients to go through a log-in page if they are valid users.
There is something known as pre-authentication, but it requires a lot of prerequisites. Here's a link to it
- Is there such a concept of user/password authentication in interoperable SOAP/WSDL, apart from putting "user", "password" parameters to my WS interface's methods? How about HTTP headers?
I think you meant SOAP Headers. If that's the case then both Java and .NET clients can interpret and take actions against the SOAP header.
- Does Axis support this? I saw the note in the docs about the "sister project"?
I think so but I am not very sure.
- Any other way we could use to achieve this transparent (and secure) transport of user credentials that are .NET/Axis compatible?
Yes, SOAP headers can do justice.
I hope that helps.
Sunil Kothari
----- Original Message -----
Sent: Tuesday, February 08, 2005 7:18 PM
Subject: WS Authentication & Authorization
Hi all,
I am working on a project that will expose a WS for B2B (u-uh buzzword here). The server-side (our side) is Axis/Java, and the client side will be .NET (developed by another company).
Our company already has a security framework in place, where incoming HTTP requests, from outside to internal secured portals and web sites, are intercepted in a DMZ. The user is forced to authenticate himself, and the FW makes sure he has the right to access the destination site (authorization).
We would like to reuse this framework for the WS project, where incoming WS/HTTP(S) requests will be intercepted, the tool will "somehow" get the user/password, authenticate & authorize the user, then forward the request to the destination WS. Since it is A2A/B2B, it is not possible to show a login page. So the credentials must be transported along with the SOAP request to our WS methods.
My questions:
- Is there such a concept of user/password authentication in interoperable SOAP/WSDL, apart from putting "user", "password" parameters to my WS interface's methods? How about HTTP headers?
- Does Axis support this? I saw the note in the docs about the "sister project"?
- Any other way we could use to achieve this transparent (and secure) transport of user credentials that are .NET/Axis compatible?
Any help, pointers and links are appreciated.
Best regards,
Christian Faucher
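The flow described in the original message (intercept the request, take the credentials from the SOAP header, authenticate and authorize, then forward), as an added example that is not part of either message. It assumes the credentials travel in a WS-Security UsernameToken header, which the thread does not name; the user store, service path and sample request are constructed for illustration.

```python
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")  # WS-Security 1.0
NS = {"soap": SOAP, "wsse": WSSE}

# Constructed stand-ins for the existing security framework's user store
# and access rules (assumptions, not from the thread).
USERS = {"partner-a": "s3cret-example"}
ALLOWED = {"partner-a": {"/services/Orders"}}

# Constructed sample request carrying the credentials in the SOAP header.
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}">
<soap:Header><wsse:Security><wsse:UsernameToken>
<wsse:Username>partner-a</wsse:Username><wsse:Password>s3cret-example</wsse:Password>
</wsse:UsernameToken></wsse:Security></soap:Header>
<soap:Body><getOrder xmlns="urn:example:orders"><id>42</id></getOrder></soap:Body>
</soap:Envelope>""".encode()


def check_request(raw, path, over_tls):
    """Return (HTTP status, body to forward) for one intercepted request."""
    if not over_tls:                 # a plaintext password needs HTTPS
        return 403, b""
    if b"<!DOCTYPE" in raw:          # SOAP 1.1 messages must not carry a DTD
        return 400, b""
    try:
        envelope = ET.fromstring(raw)
    except ET.ParseError:
        return 400, b""
    header = envelope.find("soap:Header", NS)
    security = header.find("wsse:Security", NS) if header is not None else None
    if security is None:
        return 401, b""
    user = security.findtext("wsse:UsernameToken/wsse:Username", "", NS)
    password = security.findtext("wsse:UsernameToken/wsse:Password", "", NS)
    expected = USERS.get(user)
    # Constant-time comparison; unknown users follow the same code path.
    ok = hmac.compare_digest((expected or "").encode(), password.encode())
    if expected is None or not ok:
        return 401, b""
    if path not in ALLOWED.get(user, set()):
        return 403, b""
    header.remove(security)          # keep the password out of the backend
    return 200, ET.tostring(envelope)
```

Because the header block is removed before forwarding, the destination service never sees the password, and neither the WSDL operations nor the method signatures need "user"/"password" parameters.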