Does the architecture allow for custom 'interceptors' / 'links' to be inserted into the message handling chain ?
-----Original Message----- From: Steve Loughran [mailto:[EMAIL PROTECTED]] Sent: 29 November 2002 06:19 To: [EMAIL PROTECTED] Subject: Re: WS Inetrop ----- Original Message ----- From: "Kameshwar Jayaraman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, November 28, 2002 00:02 Subject: RE: WS Inetrop >Does this mean Axis can never consume a NTLM Auth based Web Service ? 1. there is no (easy) way for axis to get at the ntlm auth stuff under windows (its all native API stuff, if exposed at all), 2. i suppose someone could do something where you supply usernamne+password and talk NTLM auth if patent issues dont get in the way 3. but that would get rid of the whole reason for NTLM auth, seamless integration between local login 4. but that is ok because NTLM auth is not secure enough to be trusted. Its better than base64, but still vulnerable. So you shouldnt use it across the internet 5. also, if you use NTLM auth in your private network, you are using windows authentication for every single client, which then forces you to have a client license for every possible caller If we added ntlm support we'd only encourage use of an auth system which is insecure and expensive. HTTP digest support is more relevant, but again not there yet (I think)
