You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Mark Crowther <ma...@valtech.co.uk> on 2004/06/11 12:53:48 UTC

webservice.htc and authentication

Hi,

This is a quick mail which will hopefully help some people out there.

Having got over the inital hurdle of the hardcoded namespaces in the
Microsoft webservice.htc, I've been having problems getting it to
authenticate successfully with Axis (running inside JBoss 4). It seems
that the problem is entirely client side.

At some point, the webservice.htc opens a connection to the service
using:

  oXmlHttp.xmlHttp.open("POST", loc, co.async, co.userName, co.password ==
null ? "" : co.password);


This always seems to generate an "Unknown Server Error".

The fix I've used is to manually set the basic authentication header as
follows:

oXmlHttp.xmlHttp.open("POST", loc, co.async);
oXmlHttp.xmlHttp.setRequestHeader("Authorization", "Basic " +
base64Encode(co.userName + ":" + (co.password == null ? "" : co.password)));


(you'll also need a javscript base64Encode() function)

Everything starts working.

I think the problem is possibly that the XMLHttpRequest object encodes the
username and password as part of the URL rather than setting the header.
This behaviour
is disabled on recent versions of Internet Explorer, as described here:

http://support.microsoft.com/default.aspx?scid=kb;%5Bln%5D;834489


Hopefully this is of help to someone out there - caused me many hours of
confusion...

I can post the modified webservice.htc file if people would find it useful


Cheers

Mark


Mark Crowther
Valtech Ltd
120 Aldersgate St
London
EC1A 4JQ

--------------------------------------------------------------------------- 
DISCLAIMER: This e-mail contains Proprietary information some or all of
which may be legally privileged. It is for the intended recipient only.  
If an addressing or transmission error has misdirected this e-mail, 
please notify the author by replying to this e-mail. 
If you are not the intended recipient you must not disclose, distribute,
copy, print or rely on this e-mail. 
All information contained within this e-mail is subject to the Terms &
Conditions of Valtech Ltd. which are available upon request.