SOAP - Custom authentication when user/password is in Body
I have to create a SOAP WebService that receives the username/password as part of a field in the Request. I have no control of the client's application.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org">
<soapenv:Body>
<tem:ProcessRequest>
<!--Optional:-->
<tem:myRequest>
<tem:NomUtilisateur>ACGendron</tem:NomUtilisateur>
<tem:MotDePasse>MyPassword</tem:MotDePasse>
<!-- Other request fields -->
<tem:PrenomMere>?</tem:PrenomMere>
<tem:NumeroTelephone>?</tem:NumeroTelephone>
<tem:CodeInstallation>1</tem:CodeInstallation>
</tem:myRequest>
</tem:ProcessRequest>
</soapenv:Body>
</soapenv:Envelope>
...
I'm looking for advice on the best way to authenticate the user. I could verify that the user/password is correct using %session.Login(user, pass) in my WebMethod and throwing a SoapFault when this fails but I'm not sure it's the best way of doing things in my %SOAP.WebService. Perhaps there is a callback I can implement or any properties I should set (Username, UsernameToken, etc.) for the proper SOAP Service internal work
Any help is welcome,
Kind regards
Product version: IRIS 2020.1
$ZV: IRIS for UNIX (Red Hat Enterprise Linux for x86-64) 2020.1.1 (Build 408_0_21233U) Thu Oct 28 2021 15:14:45 EDT