Author |
Message
|
ydsk |
Posted: Wed Aug 09, 2006 9:13 am Post subject: id/pwd authentication in WMB v6 webservices |
|
|
Chevalier
Joined: 23 May 2005 Posts: 410
|
We are calling an external .NET webservice from within a msgflow using a HTTPRequest node on a Solaris v6 broker.
The webservice needs to authenticate the msgflow so they asked us to send an id/pwd along.
Can we send an id/pwd pair in a HTTP header or elsewhere to the external webservice ?
Any experiences around this area ?
Please post.
Thanks.
ydsk. |
|
Back to top |
|
 |
ydsk |
Posted: Wed Aug 09, 2006 11:11 am Post subject: |
|
|
Chevalier
Joined: 23 May 2005 Posts: 410
|
I was told that one of the differences w.r.t dealing with webservices between MB and WAS is that ... WAS supports built-in authentication whereas MB doesn't. So, we need to do round-about ways of passing user-id/pwd like in:
InputRoot.HTTPRequestHeader.UserId = 'SomeUser';
InputRoot.HTTPRequestHeader.Password = 'SomeUser';
The disadvantage is Password will be in plaintext unless you encrypt it.
Can IBM Hursley guys or someone please comment on it ?
This is important and a bit urgent to me.
Thanks.
ydsk. |
|
Back to top |
|
 |
jefflowrey |
Posted: Wed Aug 09, 2006 11:22 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
There are webservices standards that specify methods of authenticating the requester.
WAS implements more WS-* standards than Broker does.
Currently. As far as I know.
You haven't really identified if the .NET services are using any of these WS-* standards for security. It's entirely possible that the .NET services have been written in complete ignorance of all the standards for passing authentication, and have implemented their own solution. _________________ I am *not* the model of the modern major general. |
|
Back to top |
|
 |
ydsk |
Posted: Wed Aug 09, 2006 2:20 pm Post subject: |
|
|
Chevalier
Joined: 23 May 2005 Posts: 410
|
Jeff,
The .NET webservice is yet to be built and that won't be done until the msgflows ( webservice clients) are built - i know it sounds very strange but that's our customer so, I won't comment on that part.
Currently the .NET team asked us what WS-security standards the broker supports so they can decide what/how to code their services.
Thanks. |
|
Back to top |
|
 |
jefflowrey |
Posted: Wed Aug 09, 2006 6:09 pm Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
So the entire interface is in flux.
This is good.
I don't know off the top of my head what WS-* standards broker supports. I *believe* that it's only the WS-basic profile.
You should probably open a PMR to get clarification. These things change fairly quickly - especially just after the release of an FP. _________________ I am *not* the model of the modern major general. |
|
Back to top |
|
 |
|