Web-service enforced authentication
-
Hello! I have large Java application, which is controlled through web-services. Some functions are available for anonymous users, it works ok. Some functions are only for authenticated users. The service expects login credentials in the http request. The following .net code
using System; using System.Net; class Program { static void Main(string[] args) { WebServiceX.SomeAPI api = new WebServiceX.SomeAPI.SomeAPI(); api.Credentials = new NetworkCredential("MyUserName", "MyPassword"); api.PreAuthenticate = true; api.Url = "http://mysite/myapp/api"; api.SoapVersion = System.Web.Services.Protocols.SoapProtocolVersion.Soap11; api.someMethod(parameter); } }throws an exception:System.Web.Services.Protocols.SoapException: java.rmi.RemoteException: ---omitted---: CLQAHDEBUG: Permission Denied : User anonymous does not have permission ---internal method name--- in System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClien tMessage message, WebResponse response, Stream responseStream, Boolean asyncCall ) in System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodNa me, Object[] parameters) in WebServicesConsumer2.LMSRoster.LMSRosterAPI.unrosterUsers(String[] in0) in .\WebServicesConsumer2\Web References\LMSRoster\Reference.cs:line 1 31 in WebServicesConsumer2.Program.Main(String[] args) in .\WebService sConsumer2\Program.cs:line 19Captured communication packets do not contain any credential data. Why? How to make it work? -
Hello! I have large Java application, which is controlled through web-services. Some functions are available for anonymous users, it works ok. Some functions are only for authenticated users. The service expects login credentials in the http request. The following .net code
using System; using System.Net; class Program { static void Main(string[] args) { WebServiceX.SomeAPI api = new WebServiceX.SomeAPI.SomeAPI(); api.Credentials = new NetworkCredential("MyUserName", "MyPassword"); api.PreAuthenticate = true; api.Url = "http://mysite/myapp/api"; api.SoapVersion = System.Web.Services.Protocols.SoapProtocolVersion.Soap11; api.someMethod(parameter); } }throws an exception:System.Web.Services.Protocols.SoapException: java.rmi.RemoteException: ---omitted---: CLQAHDEBUG: Permission Denied : User anonymous does not have permission ---internal method name--- in System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClien tMessage message, WebResponse response, Stream responseStream, Boolean asyncCall ) in System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodNa me, Object[] parameters) in WebServicesConsumer2.LMSRoster.LMSRosterAPI.unrosterUsers(String[] in0) in .\WebServicesConsumer2\Web References\LMSRoster\Reference.cs:line 1 31 in WebServicesConsumer2.Program.Main(String[] args) in .\WebService sConsumer2\Program.cs:line 19Captured communication packets do not contain any credential data. Why? How to make it work?To use the http authentication one has to override the GetWebRequest function and append http authorization header as follows:
using System; using System.Collections.Generic; using System.Text; using System.Web.Services.Protocols; using System.Net; namespace WindowsApplication1.WebServiceAPI { public class WebServiceAPIAuth : WebServiceAPI { public string UserName; public string Password; private string S2Base(string s) { byte [] ba; ba=Encoding.ASCII.GetBytes(s); return Convert.ToBase64String(ba); } protected override System.Net.WebRequest GetWebRequest(Uri uri) { CredentialCache cc = new CredentialCache(); WebRequest wr = base.GetWebRequest(uri); wr.Headers.Add(HttpRequestHeader.Authorization, "Basic "+S2Base(UserName+':'+Password)); return wr; } } }