access Web servies - Integrated windows security -- dotnet web services

Jacob
11/7/2006 9:51:39 PM

I have some .NET web services deployed in IIS and having the Directory
security set to integrated windows security. I would like to call these
services form other web based applications written in PHP and Java. Is there
a way to pass the credentials as part of the XML used to call the web
service? Maybe as part of the XML header similar to:
<soap:Header>
<AuthHeader xmlns="http://tempuri.org\">
<UserName>domain\userID</UserName>
<Password>password</Password>
</AuthHeader>

Is this possible? Your help is highly appreciated.

Pablo Cibraro [MVP]
11/8/2006 9:48:59 AM

Hi Jacob,

Integrated windows authentication is negociated through a serie of HTTP
headers (It is a complicated procol indeed). Perhaps, you can use a normal
..NET client or IE browser and see what HTTP messages are interchanged using
a trace tool.
It does not have anything to do with SOAP, as I said, it is negociated at
HTTP trasport level. If you want to pass the credentials as part of the SOAP
message, you should consider a message security approach using WS-Security.

Regards,
Pablo.

[quoted text, click to view]

dotnet web services : access Web servies - Integrated windows security