| Author |
Message
|
| bh5008 |
 Posted: Thu Jan 22, 2009 4:48 am Post subject: calling webservice with basic auth security from WMB |
 |
|
Newbie
Joined: 22 Jan 2009
Posts: 4
|
hi
i will needing help from you guys .
there is a webservice exposed i need to make it secured using basic auth ..
is there any other way that i can make a webservice secure using WMB. please let me know.
if the valid userid and password is not passed a not authorized page shd be displayed..
please let me know regarding would appreciate for any help and response
bye |
|
| Back to top |
|
 |
| zpat |
| Posted: Thu Jan 22, 2009 5:06 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
|
| Back to top |
|
|
| bh5008 |
| Posted: Thu Jan 22, 2009 5:20 am Post subject: |
|
|
Newbie
Joined: 22 Jan 2009
Posts: 4
|
| its not a https call its a http webservice call which is being exposed. so want to make it secure using basic auth while sending the request or suggest if any other way we could make it secure |
|
| Back to top |
|
|
| zpat |
| Posted: Thu Jan 22, 2009 6:03 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
Then it is an unsecured web service.
Web services are meant to use standards not home-grown workarounds. |
|
| Back to top |
|
|
| radha* |
| Posted: Thu Jan 22, 2009 6:23 am Post subject: |
|
|
Newbie
Joined: 21 Jan 2009
Posts: 5
|
| before u want to access service x, try to route it thru services like login/logout, if login is success, then allow the user to access x service. |
|
| Back to top |
|
|
| bh5008 |
| Posted: Fri Jan 23, 2009 3:12 am Post subject: |
|
|
Newbie
Joined: 22 Jan 2009
Posts: 4
|
so i have to send the userid and password using the basic authorization right?
so how shd i make the webservice secure with userid and password . so how can i do that using http node..
can u suggest me with some examples |
|
| Back to top |
|
|
| bh5008 |
| Posted: Fri Jan 23, 2009 3:44 am Post subject: |
|
|
Newbie
Joined: 22 Jan 2009
Posts: 4
|
le me clear about my requirement i have webservice which is being exposed in the WMB i need to make it secured with userid and password so how should i make it secured. would appreciate response with examples.
its not a https secured .. |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Jan 23, 2009 3:53 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| bh5008 wrote: |
| its not a https secured .. |
So you have a "secured" web service which doesn't use https and therefore has the user id & password transmitted in clear text? 
Perhaps you could elaborate on your requirements a bit further, with especial attention to the "secure" aspect, and why https is not in use? Also why you're adopting a non-standard view on this?
More information in, more advice out. 
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| paranoid221 |
| Posted: Mon Feb 02, 2009 3:01 am Post subject: |
|
|
Centurion
Joined: 03 Apr 2006
Posts: 101
Location: USA
|
Ok. This is a pretty common requirement.
To be able to do this the clients which call your web service should have the capability to set Basic Auth credentials as a Base64 encoded string in the HTTP header before they call your web service.
Once you get that request into your broker flow you can access this Basic auth credential string from HTTPInputHeader.Authorization field. The value is typically of the format: 'Basic cHpMgUn5XJmZ3JICBx=='
You'll then have to Base64decode this auth string into a username:password string pattern. You'll now split this string and say username = splitPart[0] and password = splitPart[1].
Once you get the username & passwd as mentioned above , the only way to authenticate the user is to compare these credentials against an external database which has been pre-populated with the list of users and their corresponding passwords who are allowed to access your webservice.
And if you have to reduce the number of calls to the database, you can cache them locally and refresh cache say every 60 mins or everytime you can't find a particular user in the local cache. If you are decent enough java programmer you have a plethora of options on optimizing your code at this point. 
Hope this is what you are looking for.
_________________
LIFE is a series of complex calculations, somewhere multiplied by ZERO. |
|
| Back to top |
|
|
|
|
