Web Service - authentication

hcl-bot · November 19, 2007, 4:18am

Hi all

I have a web service (based on the BookStore database created by Julian Robichaux)

The web service is hosted on a Domino 7.0.1 server, and will provide information about documents stored in a DMS.

The web service is SOAP RPC/encoded.

The consumer, in this case, will be a java application running on a SAP portal server.

The Domino server is set up using session based authentication, and web config.

I know web services only respond to HTTP error messages, they don’t process HTML forms.

I also know that starting in Domino 7.02 you can work around this by creating an Internet Site rule of type “Override session authentication” for

the pattern “?OpenWebService”. This does require Internet Sites be used for the server running the web service.

So the question is then:

How to authenticate with the web service from a java

application when web service is on Domino 7.0.1 and/or when internet sites is not used ?

Any tips/information/solutions! will be greatly appreciated !!

best regards,

Petter Kjeilen

hcl-bot · November 19, 2007, 7:12am

Subject: Web Service - authentication

I tend to think: No way.

But you better not rely just on my basic understanding here.

hcl-bot · November 28, 2007, 7:56am

Subject: RE: Web Service - authentication

Hi

I figured out how to do this using LotusScript.

'Start Code

Dim xmlHTTP As Variant

Dim strURL As String

Dim strUser As String

Dim strPassword As String

strURL=“https://por12lddm.hydro.com/C12572FF0036B6E1/(DMGetBindersV7)?OpenAgent”

strUser=“Petter Kjeilen”

strPassword=“xxxxxx”

Set xmlHTTP = CreateObject(“MSXML2.ServerXMLHTTP”)

xmlHTTP.open “GET”, strURL, False, strUser, strPassword

xmlHTTP.setRequestHeader “Authorization”, “Basic " & Base64Encode(strUser+”:"+strPassword)

xmlHTTP.send

strHTTPReturn = xmlHTTP.responseText

Messagebox(strHTTPReturn)

'End Code

The Messagebox prompts the correct response from the agent !

Notice that I have to set the RequestHeader and I have to Base64Encode the username + password.

I guess I can use this approach from Java as well.

regards,

Petter

hcl-bot · November 28, 2007, 9:02am

Subject: RE: Web Service - authentication

You are right.

I just tested this using the Firefox Add-on Modify Headers and it works, indeed.

I must admit, that I had always expected the server to reject basic authentication requests, if session based authentication is enabled. This is not the case and I could have concluded so from what I find in our web server logs occasionally.

Good to know.

hcl-bot · November 24, 2007, 10:56am

Subject: Web Service - authentication

Hi. If you use a java application it cannot be a problem, I even did it with C#. Please have al look to the C# code:cookies = new CookieContainer();

HttpWebRequest myWebRequest =

(HttpWebRequest)HttpWebRequest.Create(

myWebService.Url.Substring(0,

myWebService.Url.IndexOf(‘?’)) + “?login&username=” +

userName + “&password=” + userPassword

+ "&redirectTo=" +  

myWebService.Url.Substring(myWebService.Url.IndexOf('/',  

10)));

myWebRequest.AllowAutoRedirect = true;

myWebRequest.CookieContainer = cookies;

WebResponse myResponse = myWebRequest.GetResponse();

myWebService.CookieContainer = cookies;

hcl-bot · November 27, 2007, 3:08am

Subject: RE: Web Service - authentication

Are you sure?

If the server is setup for single server session based authentication, it should definitely NOT accept passing username and password as url parameters. That would be even worse than basic authentication.