My bad, I should have stated more clearly. I need to provide authentication for both the client and the server, which can be written in Java or .Net, and run on Solaris/Linux (Java) or Windows (.Net). The authentication needs to be more secure than basic clear password through the wire.
I only mention NTLM as something I have looked into. Not necessarily something I wanted. On Tue, Dec 23, 2008 at 9:06 AM, Nandana Mihindukulasooriya <[email protected]> wrote: > If you use NTLM authentication, that has to be provided by hosting server > (eg. In Tomcat [1]). But I don't think this will work on Linux. What is the > specific reason for you to choose NLTM Authentication for the server ? Did > you consider all other options [2] ? Other option would be to use > WS-Security Username token [3] which will be interoperable with any web > service on any platform. > > thanks, > nandana > > [1] - http://jcifs.samba.org/src/docs/ntlmhttpauth.html > [2] - > http://blogs.msdn.com/drnick/archive/2006/05/12/understanding-http-authentication.aspx > [3] - http://wso2.org/library/3190 > > On Thu, Dec 18, 2008 at 10:03 PM, Nan Null <[email protected]> wrote: >> >> I need to implement both the client and the server of a webservice. >> It needs to be secured. The server end is implemented in Java Axis2 >> and runs under Unix. However, I have to create it in a way that if >> the server is re-implemented with .Net and running under Windows, then >> the client will still work. >> >> Please tell me what is authentication method to use for this. I >> rather avoid the basic scheme. I am looking at NTLM, but the document >> for Axis2 on the server side is very little. Would NTLM >> authentication on the server side of a webservice works in a Unix box? >> Is there any issue with it (since NTLM is Windows based >> authentication). > > > > -- > Nandana Mihindukulasooriya > WSO2 inc. > > http://nandana83.blogspot.com/ > http://www.wso2.org >
