Hi,
I've created a bunch of Web services, including an authentication
service. All services consume and return raw XML messages (no SOAP)
which works fine.
Now I would like to force clients to authenticate themselves before they
are allowed to access any of the services.
My idea is to implement a simple handler which checks whether an
authentication flag has been set in the ServiceGroupContext. In case
it's not available the only service accessible should be the
authentication service and an error response message should be sent. If
the flag has been set, all other services can be accessed until
ServiceGroupContext timed out or the client logged off.
What I can't see is how to send an error response from within a handler.
Any pointers, input, and additional suggestions are highly welcome.
Thanks,
Alex
