Im belatedly cross posting here. See my AXIS-user thread below. I need to implement an authentication mechanism that will still allow for interop. Should I cut the chase and delve into using the SOAP Header (ive used HTTP basic auth in my handlers so far) to provide auth info? What I like about Basic Auth is that the password is auto-encrypted in the request. Using the SOAPHeader it would have to sent as clear text, unless the client encrypted it.
Alternatively, can I can get my Handler to generate a 401 somehow? TIA Adam -----Original Message----- From: Adam.Leggett [mailto:[EMAIL PROTECTED]] Sent: Friday, February 15, 2002 1:46 PM To: '[EMAIL PROTECTED]' Subject: RE: Off topic .NET question Thanks thomas, But im slightly confused here. To authenticate to my AXIS service(s) I have a handler sitting in the request flow, that returns a SOAP Fault in the SOAP response if user cannot be authenticated. The AxisFault generated in the Handler is rethrown as ServletException so a 500 server error is returned as well. Can you not force the .NET to send basic auth 1st time round..surely u can? In my scenario, developers will know at design time that the service is password protected. Cheers Adam -----Original Message----- From: Thomas Börkel [mailto:[EMAIL PROTECTED]] Sent: Friday, February 15, 2002 1:04 PM To: [EMAIL PROTECTED] Subject: RE: Off topic .NET question HI! This (basic HTTP authentication) works here. .NET does not send the authorization info with the first attempt, but it sends it with the second attempt if the first attempt has been refused with HTTP error 401 and the correct challenge. It does the second attempt automatically, if the first one failed correctly. From then on, it sends the authorization always at the first attempt. This is normal HTTP client behavior AFAIK. Your are doing it correctly in your example, so it *should* work. Regards, Thomas > -----Original Message----- > From: Adam.Leggett [mailto:[EMAIL PROTECTED]] > Sent: Freitag, 15. Februar 2002 13:05 > To: Axis User ([EMAIL PROTECTED]) > Subject: Off topic .NET question > > > Currently, I am working to interop with an MS colleague using .NET > client with my AXIS service. I have a handler chain that uses LDAP to > authenticate/authorize access to my deployed service. Works > fine with my > AXIS client. Trouble is, we cant seem to be able to get .NET > to send the > required Authorization: Basic pair in the HTTP header. When looking at > tcpmon it doesn't appear. > > Heres the c# client code we think should set the basic auth, but it > doesn't. > > ICredentials credentials = new > NetworkCredential("username","password","mydomain"); > serviceInstance.Credentials = credentials; > > serviceResponse response = > serviceInstance.serviceMethod(serviceRequest); > > I know this is off topic, so any effort in answering this will be even > more appreciated here than usual. > > TIA > > Adam Leggett > UPCO > Direct Line: 0113 20 10 631 > Fax: 0113 20 10 666 > <http://www.upco.co.uk> > The contents of this email are intended for the named addressees and > may contain confidential and / or privileged material. If > received in error, > please contact UPCO on +44 (0)113 20 10 600 and then delete > the entire email > from your system. Unauthorised review, distribution, > disclosure or other use > of this information could constitute a breach of confidence. Your > co-operation in this matter is greatly appreciated. > > >
