User authentication for SOAP service
Currently we are developing a SOAP to RFC scenario for our client. We will receive the request from a website and process the data and send back the response to the website itself. We have successfully implemented the interface, but the source system owners are not happy with enclosing the username and password in the URL itself. They feel it as a security threat to enclose the username and password in it. Currently we have provided the url in the below format,
Is there anything that could be done, so that we don't have to provide the username and password in the URL. Also they mentioned that they don't have a provision like the SOAP UI tool to enter the username and password in their system, where they can only pass the URL. The source application uses Java for their development.
Kindly help me on this.
Grzegorz Glowacki replied
Well, it is strange what you are saying. I have successfully tested it in SOAP UI without the credentials in the Aut tab, just with the HTTP Header. Please refer to this blog I have created on this topic in the meantime to check if your configuration is correct:
I have included a screenshot from SOAP UI there, to help you with this verification.