Authentication method for Web Service

[Arno]

Hi..

I am currently writing a manager that creates Windows Schedules remotely via. web services. I have just a few questions. What is the best way to Authenticate incoming requests (and remember the SOAP request can come from non .net clients i.e. J2EE)? I need to encrypt these SOAP messages - what is the common practise for this?

Regards,
Arno

 

[Chris Marchal[MSFT]]

MSDN has just posted the following on J2EE interop and may be useful for
architecting your app:

http://www.msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/h
tml/jdni.asp

There are also standards in development that may be of use. These are
usually refered to as 'Web Service Enhancements'. The .NET stuff is here
and there should be equivalents elswhere on the web:

http://www.msdn.microsoft.com/webservices/

and here:

http://msdn.microsoft.com/webservices/building/wse/default.aspx?pull=/librar
y/en-us/dnwebsrv/html/wsejavainterop.asp

On a more practical level, SSL may serve your encryption needs. If you are
able to use SSL then you could try basic authentication for authentication.
The credentials will be secured by the underlying transport.

You should also be able to encrypt data yourself using the cryptography
classes in the .NET framework and use Java classes to decrypt (or vice
versa) as they should all be based on the same crypto standards.

Chris Marchal
Microsoft UK Developer Support
This posting is provided "AS IS" with no warranties, and confers no rights.