SOAP header: why authenticate in the header and not the body?
whats the differences between putting the user’s credentials (username/password) in the header vs the user’s credentials (username/password) in the body?
well, authenticating in the SOAP Header can allow a single piece of code to authenticate all requests into the SOAP WS without knowing the actual contents of the SOAP Envelope. This can greatly reduce the amount of code you need to authenticate your services.
If you don’t put it in the header, you’ll need to do the authentication at the time of processing the Service, which is more expensive than NOT processing the service at all if authentication fails
SOAP follows a format which defines the
Body as the message. The
Header is open ended to some degree and can be used for varying reasons by varying frameworks, whereas the
Body has a sole purpose, transmitting the message.