Hi everyone

Currently SOAP services only have access to basic authentication through the usage of the EnhanceWebReferences Xif. I need to use windows authentication in my web service calls and as far I understand the windows authentication is done through headers on the http request that contains the soap request which the EnhanceWebReferences Xif does not cover.

I tried to use the factory configuration forge component to change the configurations of the service to include windows authentication by changing the web.config of the file but Outsystems seems to ignore the web.config all together (tried multiple configurations, tried to alter other configurations of the service for example the endpoint and it still ignores it). Does anyone know if this is the intended behaviour?

Is there any way to use windows authentication with a soap service consumed directly inside outsystems? Or for that matter alter any of the parameters associated with the consumption of a service?



Hi Joao,

This is from the documentation: https://www.outsystems.com/help/servicestudio/9.0/Handling_security/About_Integrated_Authentication.htm

Consumed SOAP Web Services

When your consumed SOAP Web Service has the  Integrated Authentication property set  to Yes it means that the OutSystems application  sends its credentials to the server of the Web Service. Depending on the  configuration and programming of this server, it may or may not use the  credentials. For example, if the consumed web service is running in a  different server, delegation is not available. See Consumed  SOAP Web Service Properties.

If a consumed Web Service is invoked inside  a web screen you are probably expecting that delegation can be used. But  there are some limitations and if your system is configured to use NTLM,  delegation is not supported.

----

Are your web service in the same server than your application?
If not or if you have a situation like the one above, you will probably have to consume the web service through an extension.

EDIT

You can also take a look here. (Please, do not ressucitate the topic ;) rs)
And here.

The servers are in the same domain and resolve users in the same active directory.

"OutSystems application  sends its credentials to the server of the Web Service"

Do you have any idea about what this really means? Does the Outsystems send the apppool user or does it try to send the current logged in user credentials? Does it ask the end user for credentials? because what i really need is the IIS apppool user to be the one using the webservice.



Hi João,

By default, it is the logged user...
Really don't know if there is a way to change the user when setting the integrated authentication.
(For sure there is a way, because I know this is done).

I'll try to see if this is possible and how. :)

Cheers,
Eduardo Jauch

Eduardo Jauch wrote:

Hi João,

By default, it is the logged user...
Really don't know if there is a way to change the user when setting the integrated authentication.
(For sure there is a way, because I know this is done).

I'll try to see if this is possible and how. :)

Cheers,
Eduardo Jauch

Hi Eduardo, any news?


Hi João,

Sorry for the delay.

it seems that there is no way to "change" the user when doing delegation, in OutSystems (at least the people I consulted didn't know how to do it).
So, it seems that in this case, you will have to consume the webservice in an Extension and take care of the authentication with the user you want to use.

Cheers,

Eduardo Jauch

Thank you for the quick response.

Hi Joao

I faced this situation 2 years before and only solution provided by Outsystems was consume it in extension. There are some old posts explaining this which you can browse. Unfortunately I don't have that code now with me but you will have to go with extension approach if you do not want to waste the time.