This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I need to write a webService with authentication. Namely: client applications must supply username + password ( which will be checked against our LDAP server ).
I'm new to this, so I'd appreciated it if someone could tell: how should my clients supply the password ? - Is it customary to supply the username+password through standard HTTP headers (say, 'basic authentication') ? - Or, is it handled by the webServices/security spec ? Does the < soap:Envelope > message structure keep a dedicated tag for user/password info ? Something like:
I'll blatantly advertise an article I wrote for the JavaRanch Journal on Web Services Authentication. It explains authentication using both HTTP and WS-Security with example code. You can find it here.