Should I return a SOAP Fault or 401 (Forbidden) when authentication fails?

J

Jon Bonnick

Hi,
I'm writing a web service and I can't find any docs that tell me
exactly what the standard behaviour should be for an authentication
failure. The client is going to preauthenticate and send Basic
Authentication information on the first request. I can handle this
authentication in one of two ways:

1. Use the capabilities of IIS to perform the authentication and
return an HTTP 401 error if the user login fails.

2. Allow anonymous within IIS but test the user's credentials in code.
Return a SOAP Fault on authentication failure.

Which of these approaches is preferred? Is one more 'standard' than
the other? We can't use WSE2 as we need to accomodate non .NET clients
that don't have the appropriate support as yet.

Thanks in advance for any help,

Jon Bonnick
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,743
Messages
2,569,478
Members
44,898
Latest member
BlairH7607

Latest Threads

Top