Web Services Authentication

Web Services Authentication


How can I use authentication with Outsystems WebServices?

Internet users outside our domain must use this webservices but we want some sort of authentication, can I impersonate a domain user?

Rodrigo Catarino
Hi Rodrigo,
OutSystems Hub Edition supports Integrated Authentication as long as the underlying operating system supports it. This is done as the IIS level and it falls onto IIS to authenticate any users that make a request.

If you have external users they would have to provide authentication credentials to IIS, this can be done programmatically in the .NET environment, however requests not having credentials or which fail to negotiate authentication credentials with IIS will be rejected.

You can read more about Integrated Authentication in Service Studio Help: Handling security -> Integrated Authentication

There are some limitations to this approach that you should be aware of and I suggest you read the following Microsoft article that goes into far more detail into this:

You could use a mixed authentication approach by having two versions of the Web Service interface, one that uses integrated authentication and one that does not. The one that does not use integrated authentication could have a simple user/password authentication mechanism running on top of SSL. This would allow everyone inside your network to call the integrated authentication version, and web service consumers outside your organization could use the second version if unable to use the other version. You'd only need to isolate your web service actions into regular eSpace actions and then use the two web service interfaces as a layer above them.

Best regards,
Marco Cunha