Last post Feb 02, 2008 05:18 PM by rstrahl
Feb 01, 2008 05:56 PM|me_williams2001|LINK
I have an advanced question in terms of Web Service Basic Authentication. This question involves a situation where an ASP.NET 2.x or 3.x application will consume a WSDL for a web service hosted on a machine using Jetty as its web server. Thus, we have
a .NET client speaking to a Java Web Service.
Now, of course Java does not work with AD security out of the box. For our implementation we will need to have our Java application accept Basic Authentication. Hence, our ASP.NET web application will need to consume the Web Service and submit credentials
via Basic Authentication.
Now, I know many of you are thinking that I can:
Unfortunately this is not possible in this case. It appears that ASP.NET is set up to only respond to the challenge of a web server if that web server includes the type of credentials expected in the HTTP Header. That is, an HTTP Header entry of:
Basic realm="WhereEver". Unfortunately, this web server implementation of Jetty does not return said HTTP Header Challenge. This web server only returns the Soap Error. ASP.NET does not respond
to the Soap Error, it simply gives me an exception containing the 401 error from the Web Server that is contained in the Soap Error.
Now, I am afraid that using a different Web Server is out of the question in that the Web Server is built into a propriatary piece of software we use. I am also afraid that modifying this code in the Web Server
is also not possible as our support form the vendor would go away with such a modification. So that leaves me with three options that I can see:
The third one I know how to do, but it defeats the purpose of this exercise for me. My exercise is to simply construct a WSDL that will simply bind my ASP.NET app easily to my Java Web Server.
Options 1 and 2 seem not so much difficult but rather impossible by the .NET framework.
Even in generating the WSDL C# class I find myself unable to access the WebRequest of the WSDL Proxy Class directly. Therefore, I am unable to add an HTTP Header to the WebRequest. Therefore,
I am unable to add the basic authentication to the WebRequest for submission each and every time I click submit (option 1).
Option 2 seems impossible from the fact that the response to the challenge is deep with in the bowels of ASP.NET. I do not know where this code lies. I do not know if I can even insert a class
in that process to answer the challenge of the SOAP Error.
Ok, now I ask my questions.
Are either options 1 or 2 a possibility? If so, can I get some reference application demonstrating such? I don't particularly care which solution it is. I just am looking forward to being able
to construct a web service that binds my ASP.NET application directly to my Java Web Service.
Please let me know if you have and ideas on how to perform this task.
Feb 02, 2008 05:18 PM|rstrahl|LINK
I haven't looked into this in quite some time but I think the solution you're looking for is to build an HttpModule that implements basic authentication. Basic Auth is easy enough to implement since passwords are passed in plain (base64) text which you can
use to log on and validate if necessary. You can use the Windows Logon APIs to authenticate users through Windows or choose your own custom authorization scheme (against a database or file for example or even in the web.config authorization section) if necessary
since you have full control over the user validation.
This might point you in the right direction:
+++ Rick ---