Monday, October 31, 2005 6:55 PM
scratching my head for the past few days...
in our current SOA migration, i am running into an intrestring quandry. take a composable web service, GetStatusReports. so just how can i provide a suitable authentication and authorization schemes that agree with InfoPath AND BizTalk, where both are consumers of this service?
InfoPath:
Supports Integrated Windows Authentication
Lacks Web Service Extensions (WSE 2.0)
Custom authentication may not be suitable, as there is no secure place to store credentials.
BizTalk:
Supports Web Service Extensions (WSE 2.0) with a microsoft-supported adapter
Lacks Integrated Windows Authentication (as far as i can tell, 401 forbidden returned if anonymous disallowed)
Custom authentication may be suitable.
What other options have i missed? Right now, I can only run the service under ASP.NET impersonation with a domain user account.