cancel
Showing results for 
Search instead for 
Did you mean: 

SoapUI multiple authentication calling SOAP WCF

SOLVED
Highlighted
New Contributor

SoapUI multiple authentication calling SOAP WCF

Hello,

When I create a test to call a SOAP WS, adding a WSDL:

https://MyServer/MyWcfApplication/MyService.svc?WSDL

 

I am beeing asked several authentication questions:

 

1. NT Authentication: Authentication required for [MyServer:443]

I enter my network credentials. I assume this is a login to the server itself.

 

2. The same dialog box is opened again, I click Ok

 

3.  Basic Authentication:  Authentication required for [MyServer:443]

I enter the IIS pool login id and password (its a test server)

 

4. Error 401 when I run the test, I have to configure the authorization tab, NTLM, and I enter the IIS pool credential again.

 

After that everyting works fine. Questions:

 

1. Is this order of authentication questions normal  ?

2. Some id and password appears to be stored in the project XML, but other seems to be used by SoapUI internal login to the server. Which is which ?

3. We are planning to use this test to call the same WS but this time in production, to fix some issues. Is this a usual practice ? Specialy if SoapUI use the production id and password internaly to connect to the server, I guess its ok, but stored in clear text in the XML ?

 

Thanks.

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Community Hero

Hey @GuyHarel,
In that case id go back to your architectural design/technical requirements as it doesnt even make sense from a technical nor
security perspective to have multiple different authentication schemes
required to hit a single endpoint unless the different authentication is required by other layers in your technical architecture (e.g. gotta go via a Proxy first, etc.)

Ta,

Rich
if this helped answer the post, could you please mark it as 'solved'? Also if you consider whether the title of your post is relevant? Perhaps if the post is solved, it might make sense to update the Subject header field of the post to something more descriptive? This will help people when searching for problems. Ta

View solution in original post

4 REPLIES 4
Highlighted
Community Hero

Hey @GuyHarel,

I'm a little lost myself.....i've never had multiple authentication/authorisation schemes associated with a single endpoint. If it's basic auth it's basic auth. If its NTLM it's NTLM. If its OAuth, its OAuth.
I can't think of a situation in years of testing when a single endpoint required multiple different authentication schemes so im seriously doubting this is the case. The only example that i could think of would be if you were accessing multiple different resources. Are you trying to access the endpoint from a jump box for example? Or does your solutin require messaging before you hit your endpoint? So youd need to be authenticated on that before you can submit your request to the endpoint requiring its own authentication? I havent got any jump box experience myself....perhaps one of the other forum users has.

Whatever, id go back to looking at the technical architecture (tech requirements, Low level designs etc.) and the interface/api design specs to determine what they actually say in regards to the different authentication required enabling you to hit your endpoint. I think this is your best bet and then perhaps once you have that detail nailed down, come back with more specific questions if you still need help perhaps?

Cheers,

Rich
if this helped answer the post, could you please mark it as 'solved'? Also if you consider whether the title of your post is relevant? Perhaps if the post is solved, it might make sense to update the Subject header field of the post to something more descriptive? This will help people when searching for problems. Ta
Highlighted
New Contributor

It's the SoapUI software which ask me several times to authenticate the WSDL/endpoint I am trying to test, in the order described by the initial post.

Highlighted
Community Hero

Hey @GuyHarel,
In that case id go back to your architectural design/technical requirements as it doesnt even make sense from a technical nor
security perspective to have multiple different authentication schemes
required to hit a single endpoint unless the different authentication is required by other layers in your technical architecture (e.g. gotta go via a Proxy first, etc.)

Ta,

Rich
if this helped answer the post, could you please mark it as 'solved'? Also if you consider whether the title of your post is relevant? Perhaps if the post is solved, it might make sense to update the Subject header field of the post to something more descriptive? This will help people when searching for problems. Ta

View solution in original post

Highlighted
New Contributor

It's a customer site, in production for several years. I have no saying in how its desiged technically. All I know is they are using advanced WCF features. But I guess you've answered my question.

New Here?
Join us and watch the welcome video:
Announcements
Top Kudoed Authors