cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

https + SAPLogonPage + asp.net webservice

Former Member

on ‎07-20-2005 10:23 AM

0 Kudos

Hello,

Here is the scenario.

I have exposed web services for an ASP.NET application.

We r currently allowing only https access to it.

The authentication mechanism we use is SAPLogon Page for the entire application.

When i add the web service to another application it allows me if successfully authenticated.

Upon successive calls to the web service, i face a problem :-


System.Net.WebException: The request failed with the error message:

-- <html>
<head>
<title>Object moved</title>
</head>
<body> 
<h2>Object moved to 
<a href='https://answers.sap.com/SAPLoginPage.aspx?ReturnUrl=
%2fwsrDetails.asmx'>here</a>.
</h2> 
</body>

</html> --.

2 questions :

1> how do i access a web service behind a SAPLogin Page ?

2> how do i do it using SSL ?

Thanks,

Amit.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎07-21-2005 4:05 AM
0 Kudos

Hi Reiner,

I am aware of the work around, but need to solve the issue at hand.

The cookie is not going to be created by any calling web service. I was looking if there is any fields in the header [Http.Authentication] i could use for this purpose.

We have not implemented SSO for this application, so the logon page is the only way i can protect the services them selves.

So i'm locked into the SAP logon page as a means of protecting the SAP server.

Thanks for the work around, but i can't use it.

Amit.

Show replies
Show replies
reiner_hille-doering
Active Contributor
‎07-21-2005 8:31 AM
0 Kudos

I don't think that the SAP Logon Page is a good means to do authentication for a Web Service - this is more well suited for a Web UI.

I would recommend some other authentication way:

- Do basic authentication with HTTPS.

- Use some external cookies or header fields, like MYSAPSSO2.

- Use X.509 client certificates.

- Use WSE and WS* secure.

I don't have an idea what is the best way to implement one of the strategies mentioned before. You could e.g. implement your own authentication provider (HttpModule) that checks your authentication information before continuing the real processing. You can take my MYSAPSSO2 Ticket provider as an example, see https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webas/def/enabling single sign-on for asp.net applications in enterprise portal 6.article

reiner_hille-doering
Active Contributor
‎07-20-2005 12:00 PM
0 Kudos

The SAP Logon Page is based on the Microsoft ASP.NET Forms Authentication provider. This uses a cookie. If the cookie is not present or too old, the request is redirected to the logon page.

It seems that this redirect happens to WebService request - of cause this doesn't make a lot of sense. You can avoid this by putting the WebService into a different ASP.NET application or to a subfolder. You can configure in the Web.config for which folders the Authentication mechanism is active.

Show replies
Show replies
Ask a Question