SOAP - Custom authentication when user/password is in Body
I have to create a SOAP WebService that receives the username/password as part of a field in the Request. I have no control of the client's application.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org"> <soapenv:Body> <tem:ProcessRequest> <!--Optional:--> <tem:myRequest> <tem:NomUtilisateur>ACGendron</tem:NomUtilisateur> <tem:MotDePasse>MyPassword</tem:MotDePasse> <!-- Other request fields --> <tem:PrenomMere>?</tem:PrenomMere> <tem:NumeroTelephone>?</tem:NumeroTelephone> <tem:CodeInstallation>1</tem:CodeInstallation> </tem:myRequest> </tem:ProcessRequest> </soapenv:Body> </soapenv:Envelope> ...
I'm looking for advice on the best way to authenticate the user. I could verify that the user/password is correct using %session.Login(user, pass) in my WebMethod and throwing a SoapFault when this fails but I'm not sure it's the best way of doing things in my %SOAP.WebService. Perhaps there is a callback I can implement or any properties I should set (Username, UsernameToken, etc.) for the proper SOAP Service internal work
Any help is welcome,