• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

WS-Security and multiple client capability

 
Michael Ernst
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I want to use WS-Security in my Web-Service for authentication. It should only be possible to access the service if a username and a client id is given. The username will be given as an authentication token but how to handle the client id. Whats the common practice to handle this? Is it the right and common way to create a second token because both identifiers are equally important?

Regards
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
WS-Security only handles username and password. You don't mention passwords - do you have them? If not, you could use the password field to pass along the ID and then use that to perform whatever validation needs performing on the server.

But you probably need the ID in the actual service call as well, in order to customize the results of the call ... ? In that case it should be part of the service method's signature(s).

Or do you mean "token" in the WS-Security sense of the word, like an X509 token?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic