aspose file tools*
The moose likes Web Services and the fly likes How to configure Axis stubs for Integrated Windows Authentication ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "How to configure Axis stubs for Integrated Windows Authentication ?" Watch "How to configure Axis stubs for Integrated Windows Authentication ?" New topic
Author

How to configure Axis stubs for Integrated Windows Authentication ?

Rr Kumaran
Ranch Hand

Joined: Sep 17, 2001
Posts: 548
Hi All,

I am trying to consume a web service on https and it uses .NET with Integrated Windows Authentication Security Mechanism. When I type the web service endpoint address in browser I am prompted for a login dialog and I login using username (in the format <domain name>\\<username> and password given by the web service provider.

Now I have generated stubs using AXIS 1.2 Final but I dont know how to pass or set the credentials (domain, username, password) in my client program. I tried <stub object>.setUsername and <stub object>.setPassword methods but I am not able to connect to the service and I always get HTTP Error Code 401.2 from the service. I am not sure this is right way to set credentials in my code. I tried searching this mailing list but no avail. Can anyone please help me.



Thanks & Regards,


RR Kumaran
SCJP 1.4
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
    
  27
<rant>I have to question the wisdom of using a platform-specific technology like SOAP und tying it to a particular client by using Windows-only security mechanisms (by using the domain concept).</rant>

Username/password is the standardized mechanism for protecting HTTP resources; there are no provisions -at least in general SOAP implementations like Axis- to use Windows security. Maybe there's a .NET client implementation that can do this?


Ping & DNS - updated with new look and Ping home screen widget
Harish Madhavan
Greenhorn

Joined: Dec 10, 2003
Posts: 17
If i am right, your are challenged with HTTP authentication whenever you are trying to access any resource from your webapp.It is nothing to do with integrating axis with windows security.Using setUsername and setPassword on axis call object will not help.It is meant for HTTP Proxy credentials on the client side.
Suggest to disable the http authentication on server side and try.
Harish Madhavan
Greenhorn

Joined: Dec 10, 2003
Posts: 17
If i am right, your are challenged with HTTP authentication whenever you are trying to access any resource from your webapp.It is nothing to do with integrating axis with windows security.Using setUsername and setPassword on axis call object will not help.It is meant for HTTP Proxy credentials on the client side.
Suggest to disable the http authentication on server side and try.
Harish Madhavan
Greenhorn

Joined: Dec 10, 2003
Posts: 17
If i am right, your are challenged with HTTP authentication whenever you are trying to access any resource from your webapp.It is nothing to do with integrating axis with windows security.Using setUsername and setPassword on axis call object will not help.It is meant for HTTP Proxy credentials on the client side.
Suggest to disable the http authentication on server side and try.
Rr Kumaran
Ranch Hand

Joined: Sep 17, 2001
Posts: 548
Harish -

I am not sure what kind of HTTP Authentication (on server side) you are talking about. I was told that the service provider uses NTLM based Integrated Windows Authentication and so after googling I decided to use Commons HTTPClient to pass the right credentials to service.

To give you some background, if as a client to the web service type the web service endpoint address in the browser I am getting "You are not authorized to view this page" error but there is another client in another network who is getting a login dialog to enter domain\\username and password when he types the web service endpoint address in the browser. This makes me think that either the so called another client is in the same domain as the web service provider and I am not. Adding to this, I tried to use AXIS CommonsHTTPSender in my client side as told at http://marc.theaimsgroup.com/?l=axis-user&m=112006831107015&w=2 and I always get the exception "AxisFault ... faultString: (501)Not Implemented".

I am now confused how to proceed. Any thoughts ?
Harish Madhavan
Greenhorn

Joined: Dec 10, 2003
Posts: 17
NTLM authenticates a connection and not a request.
> Check if you are connecting to the target end point via a proxy
> NTLM requires HTTP keep-alives.So make sure you are not using HTTP 1.0

Harish
Rr Kumaran
Ranch Hand

Joined: Sep 17, 2001
Posts: 548
Hi Harish,

1.
>>Check if you are connecting to the target end point via a proxy
>>can you please tell me how do I do that.

Are you asking me to test using Apache COMMONS HttpClient. The only information I have is, if I type the webservice endpoint address of the form http://239.271.380.120/serveme/WS.asmx in my browser then I see in my browser "You are not authorized to view this page .. HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.
Internet Information Services (IIS)".


2.
>> NTLM requires HTTP keep-alives.So make sure you are not using HTTP 1.0
What are HTTP keep-alives ? How to check whether I am using HTTP 1.0 ?



Thanks & Regards,
D L
Greenhorn

Joined: Aug 12, 2005
Posts: 13
Try invoking your web service from SOAPscope Viewer using the free trial period .. mindreef.com .. I found it useful in troubleshooting some services.

After adding your WSDL to SOAPscope Viewer you can invoke webservice directly and insert the username, password, and inspect Request/Response.

You can inspect the authentication.

But your authentication error does seems to be related to IIS rather than web service authentication.
[ August 16, 2005: Message edited by: D L ]
Rr Kumaran
Ranch Hand

Joined: Sep 17, 2001
Posts: 548
D L -

My web service provider claims that he has "Integrated Windows Authentication" on hiw service and not basic authentication which is supported my SOAPscope and when I feed my WSDL to SOAPscope I see the request header as "Authorization: Basic OmF4cF9qdWwwNQ== "

Also, I have response header as "Status Line: HTTP/1.0 401 Unauthorized ".

So I dont think I cannot use SOAPscope to access a service that uses NTLM authentication (aka "Integrated Windows Authentication" ? )
Harish Madhavan
Greenhorn

Joined: Dec 10, 2003
Posts: 17
Kumaran,
Try to resolve the URL hit issue.You must get the same challenge for userid/password once you hit the URL http://239.271.380.120/serveme/WS.asmx.
My Question was :
> Are you part of the same domain as the NTLM ?
> Do you access "239.271.380.120" machine via a HTTP Proxy.
> To change to HTTP 1.1, go to IE > Tools > Interet Options Advanced tab.
Check for HTTP 1.1 settings.

Harish
Rr Kumaran
Ranch Hand

Joined: Sep 17, 2001
Posts: 548
when I type webservice endpoint address in my browser I always get HTTP Error Code 401.2. I dont think I am in the same domain as the web service(the web service provider has given me 'domain1' along with username and password and I am in domain 'tetrahed')

Also, in IE advanced tab configuration, there are 2 checkboxes. one "Use HTTP 1.1" (which is already checked in my case) and other "Use HTTP 1.1 through proxy connections". Do I need to check the later and what exactly is it ?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to configure Axis stubs for Integrated Windows Authentication ?
 
Similar Threads
SAAJ (Web Service Client) and Integrated windows Authentication
Web application login using unix credentials
"Connection timed out" with HttpClient.
IIS Integrated Authentication + Tomcat Form-based (or basic) Authentication
Help needed to call a web service after TAM authentication - (401)Unauthorized