Forum Discussion

GuyHarel's avatar
GuyHarel
New Contributor
5 years ago

SoapUI multiple authentication calling SOAP WCF

Hello,

When I create a test to call a SOAP WS, adding a WSDL:

https://MyServer/MyWcfApplication/MyService.svc?WSDL

 

I am beeing asked several authentication questions:

 

1. NT Authentication: Authentication required for [MyServer:443]

I enter my network credentials. I assume this is a login to the server itself.

 

2. The same dialog box is opened again, I click Ok

 

3.  Basic Authentication:  Authentication required for [MyServer:443]

I enter the IIS pool login id and password (its a test server)

 

4. Error 401 when I run the test, I have to configure the authorization tab, NTLM, and I enter the IIS pool credential again.

 

After that everyting works fine. Questions:

 

1. Is this order of authentication questions normal  ?

2. Some id and password appears to be stored in the project XML, but other seems to be used by SoapUI internal login to the server. Which is which ?

3. We are planning to use this test to call the same WS but this time in production, to fix some issues. Is this a usual practice ? Specialy if SoapUI use the production id and password internaly to connect to the server, I guess its ok, but stored in clear text in the XML ?

 

Thanks.

 

  • richie's avatar
    richie
    5 years ago
    Hey GuyHarel,
    In that case id go back to your architectural design/technical requirements as it doesnt even make sense from a technical nor
    security perspective to have multiple different authentication schemes
    required to hit a single endpoint unless the different authentication is required by other layers in your technical architecture (e.g. gotta go via a Proxy first, etc.)

    Ta,

    Rich
  • richie's avatar
    richie
    Community Hero
    5 years ago
    Hey GuyHarel,

    I'm a little lost myself.....i've never had multiple authentication/authorisation schemes associated with a single endpoint. If it's basic auth it's basic auth. If its NTLM it's NTLM. If its OAuth, its OAuth.
    I can't think of a situation in years of testing when a single endpoint required multiple different authentication schemes so im seriously doubting this is the case. The only example that i could think of would be if you were accessing multiple different resources. Are you trying to access the endpoint from a jump box for example? Or does your solutin require messaging before you hit your endpoint? So youd need to be authenticated on that before you can submit your request to the endpoint requiring its own authentication? I havent got any jump box experience myself....perhaps one of the other forum users has.

    Whatever, id go back to looking at the technical architecture (tech requirements, Low level designs etc.) and the interface/api design specs to determine what they actually say in regards to the different authentication required enabling you to hit your endpoint. I think this is your best bet and then perhaps once you have that detail nailed down, come back with more specific questions if you still need help perhaps?

    Cheers,

    Rich
    • GuyHarel's avatar
      GuyHarel
      New Contributor
      5 years ago

      It's the SoapUI software which ask me several times to authenticate the WSDL/endpoint I am trying to test, in the order described by the initial post.

      • richie's avatar
        richie
        Community Hero
        5 years ago
        Hey GuyHarel,
        In that case id go back to your architectural design/technical requirements as it doesnt even make sense from a technical nor
        security perspective to have multiple different authentication schemes
        required to hit a single endpoint unless the different authentication is required by other layers in your technical architecture (e.g. gotta go via a Proxy first, etc.)

        Ta,

        Rich