Web Service Authentication Issue

hcl-bot · May 23, 2006, 10:16am

We are currently working with a Domino 7 Web Service and are to call it using a Visual Basic application (exe).

We are working with a Web Service that sends an email from Domino i.e. takes the values (sender, subject) from the VB app and create\sends an email

This is working OK if the Web Service runs on a Domino Server that does not require authentication (HTTP), however if we host the WS on Domino server that requires authentication it fails.

We have tried using a variety of methods to call the WS - Microsoft SOAP Toolkit and Web References within the .NET architecture.

But seem unable to pass a user name and password for authenticate, any ideas?

hcl-bot · May 24, 2006, 10:38am

Subject: Web Service Authentication Issue

Hi Aden,

Have a look at the redbook (if you haven’t done so already) “Lotus Domino 7 Application Development” (http://www.redbooks.ibm.com/Redbooks.nsf/RedbookAbstracts/redp4102.html?Open).

On p.75 there is a brief section about WS authentication:

"3.12.5 Authentication and Web services

In Lotus Notes and Domino 7, a Web service has the same security capabilities as an agent. In Example3-19, we use HTTP basic authentication to secure our Web service. Apache SOAP lets us send the user name and password with the SOAP request by adding an instance of the class SOAPHTTPConnection to the Call object.

Example 3-19 Basic authentication with Apache SOAP

Call call = new Call();

SOAPHTTPConnection hc = new SOAPHTTPConnection();

hc.setUserName(userName);

hc.setPassword(password);

call.setSOAPTransport(hc);"

Hope this helps… =)

Regards,

Mike.

hcl-bot · May 24, 2006, 10:29am

Subject: Web Service Authentication Issue

I haven’t try this but following might work:

In your VB app, login to server using normal procedure (POST method to e.g. “http://server.com/names.nsf?login” with “username=john+doe&password=john123”). You will receive a session cookie.

Append the whole cookie(no need to parse it out) to your outgoing Web Service request as "Cookie: " HTTP header.

I am not really sure if adding additional HTTP headers is possible with SOAP toolkit. If not, you can specify username and password as part of the Web Service URL:

http://server.com/db.nsf/MyWebService?OpenWebService&username=jojh&password=pass

The session cookie is a better solution as it does not show username and password in the server logs.

An untested(by me) method to add cookie header to MSSOAP.SoapClient30:

soapclient.ConnectorProperty(“RequestHTTPHeader”) = “COOKIE: DomSessionID=376378732842384673467823623786”

/Andrei