Authenticating users using SOAP webservice

Authenticating users using SOAP webservice

  

I developing application using outsystems, the user should login to the application to be able to view/do transactions on it, users should be authenticated using SOAP web service deployed on our ESB ( sending username, password to webservice). how can I authenticate the users using this web service



Could I authenticate apps users using custom provider through SOAP web services

Mohammad,

You can authenticate all requests using headers with your SOAP. 

Test using SOAPui.


Something like this

   <soapenv:Header>
      <User>USERTEST</User>
      <Password>--PASSWORD--</Password>
      <Token>--TOKEN--</Token>
   </soapenv:Header>

Have a look on HttpRequestHandler and have a look on GetRequestContent


And build the engine for authentication look at this screencast

SOAP HEADER


Dear Cesar,

Maybe i did not explained my requirements well. I am not trying to authenticate the service request. what i want to do is, when user tries to login to my system ( using login page) i want to check his credentials with my custom users repository using a web service (which is handle the authentication, users, passwords,....etc), so for example, 

  • on login action, get username and password
  • send username and password to web service (abcUsersService.AuthenticateUser(userName,pwd))
  • authentication login executed on the webservice, and 'authenticateUser' will return result of the authentication


i Hope i explained it well this time, you can say I want to build a custom membershipProvider (if not exists)



Hi Mohammed,

You could have several approaches. One would be to mirror the users from the external system in the Users table, so after the user has provided the credentials, and your web service has responded and everything's ok, check whether this user exists in the Users table, then log in with that user (using e.g. the User_Login action from Users). You could either manually add the user to the Users table (which is error prone) or automatically create it if it doesn't exists (User_Create). You can also add the right priviliges if the web service provides them (using the GrantXxxRole role actions), and use the roles the "normal" way with web screens etc.

Another approach is similar, but doesn't create the users in the Users table, but instead manages the roles by itself, e.g. in session variables.

Thanks Kilian,

regarding the first approach, I will check it and I think i go with it.

regarding to the second approach, you mean saving the result of authentication (which comes from my websrevice) into a session value and then on each page i have to validate if the session exists ? if not, please explain more for this approach.

Many thanks for your help !

Hi Mohammed,

For the 2nd approach, indeed saving the result of the authentication in Sessions Variables, and then checking yourself (e.g. in the preperation) whether the user has access to that page, etc. But I'd also opt for the first approach :).