Hi,
I need to write a webService with authentication.
Namely: client applications must supply username + password ( which will be checked against our LDAP server ).
I'm new to this, so I'd appreciated it if someone could tell: how should my clients supply the password ?
- Is it customary to supply the username+password through standard HTTP headers (say, 'basic authentication') ?
- Or, is it handled by the webServices/security spec ? Does the <
soap:Envelope > message structure keep a dedicated tag for user/password info ? Something like:
<soap:Envelope...>
...
< ! -- dummy tag! -- >
<login user='jelly' password='secret' />
</soap:Envelope...>
Thanks very much.
