J
Jon Bonnick
Hi,
I'm writing a web service and I can't find any docs that tell me
exactly what the standard behaviour should be for an authentication
failure. The client is going to preauthenticate and send Basic
Authentication information on the first request. I can handle this
authentication in one of two ways:
1. Use the capabilities of IIS to perform the authentication and
return an HTTP 401 error if the user login fails.
2. Allow anonymous within IIS but test the user's credentials in code.
Return a SOAP Fault on authentication failure.
Which of these approaches is preferred? Is one more 'standard' than
the other? We can't use WSE2 as we need to accomodate non .NET clients
that don't have the appropriate support as yet.
Thanks in advance for any help,
Jon Bonnick
I'm writing a web service and I can't find any docs that tell me
exactly what the standard behaviour should be for an authentication
failure. The client is going to preauthenticate and send Basic
Authentication information on the first request. I can handle this
authentication in one of two ways:
1. Use the capabilities of IIS to perform the authentication and
return an HTTP 401 error if the user login fails.
2. Allow anonymous within IIS but test the user's credentials in code.
Return a SOAP Fault on authentication failure.
Which of these approaches is preferred? Is one more 'standard' than
the other? We can't use WSE2 as we need to accomodate non .NET clients
that don't have the appropriate support as yet.
Thanks in advance for any help,
Jon Bonnick