Should I return a SOAP Fault or 401 (Forbidden) when authentication fails?

Discussion in 'ASP .Net Web Services' started by Jon Bonnick, Mar 30, 2005.

  1. Jon Bonnick

    Jon Bonnick Guest

    Hi,
    I'm writing a web service and I can't find any docs that tell me
    exactly what the standard behaviour should be for an authentication
    failure. The client is going to preauthenticate and send Basic
    Authentication information on the first request. I can handle this
    authentication in one of two ways:

    1. Use the capabilities of IIS to perform the authentication and
    return an HTTP 401 error if the user login fails.

    2. Allow anonymous within IIS but test the user's credentials in code.
    Return a SOAP Fault on authentication failure.

    Which of these approaches is preferred? Is one more 'standard' than
    the other? We can't use WSE2 as we need to accomodate non .NET clients
    that don't have the appropriate support as yet.

    Thanks in advance for any help,

    Jon Bonnick
    Jon Bonnick, Mar 30, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. David Hunt
    Replies:
    4
    Views:
    11,285
    gullsinn
    Oct 4, 2009
  2. =?Utf-8?B?UnlhbiBSaWZl?=

    Return 401 Error Code To Browser With Forms Authentication

    =?Utf-8?B?UnlhbiBSaWZl?=, May 18, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    707
    Brock Allen
    May 18, 2005
  3. PLM
    Replies:
    6
    Views:
    330
    Martin Vorbrodt
    Aug 10, 2005
  4. Replies:
    1
    Views:
    235
    John Saunders [MVP]
    Nov 7, 2007
  5. Mark J. McGinty

    IIS HTTP 403.1 Forbidden: Execute Access Forbidden

    Mark J. McGinty, Dec 9, 2005, in forum: ASP General
    Replies:
    2
    Views:
    343
    Kyle Peterson
    Dec 9, 2005
Loading...

Share This Page