I have an HttpModuke that performs authentication sitting in front of a webservice. Using SOAP and WS-S I can capture the client's credentials and mask them by wrapping the request input stream to prevent the service provider from discovering the values.
Accessing the same service using HTTP GET/POST or any REST invocation is proving a problem.
My 1st attempt was to use proprietary HTTP Headers which allow the client to send the credentials but I cannot mask or remove them in the HttpModule ("PlatformNotSupportedException"). My next thought was to have the client add userid and password values
in the HttpWebRequest.CookieContainer object. The HttpContext.Current.Request.Cookies property arrives at the HttpModule empty. I have set the service's web.config file to "cookieless = false" but no success. I'm still not sure,
even if I can get the cookies to arrive, whether I can remove them before allowing the service to process the message. Has anyone dealt with this, or something similar, in the past? Am I missing some setting on the client side? Thanks in
advance for any help available!
View Complete Post