There are a number of ways, but a common way is to use HTTP authentication. If you are not worried about someone sniffing the packets, you can run this over plain HTTP. If you are worried about sniffing, you can use SSL to encrypt the packets.
Although this is a common way, it is not the only one. There are a number of initiatives within standards bodies to add security (typically more generally than just SOAP, and not restricted to authentication, e.g. XML Signature (http://www.w3.org/Signature/) and XML Encryption (http://www.w3.org/Encryption/2001/)). It seems likely that there is something on this topics at IBM developerWorks (http://www-106.ibm.com/developerworks/), and, as always, a search on "SOAP Security" or "SOAP authentication" on google will yield a flood of possible sources for you to wade through. Scott ----- Original Message ----- From: "Paco Avila" <[EMAIL PROTECTED]> To: "SOAP User" <[EMAIL PROTECTED]>; "SOAP Developer" <[EMAIL PROTECTED]> Sent: Friday, April 26, 2002 5:30 AM Subject: How can I add security to remote SOAP method invocation Hi, I have some SOAP methods exposed in a server and I need to restrict the use of these methods. The client should authentify himself to access them. How can I do this? Thanks in advance.
