c# – SOAP header: why authenticate in the header and not the body? – Education Career Blog

SOAP header: why authenticate in the header and not the body?

whats the differences between putting the user’s credentials (username/password) in the header vs the user’s credentials (username/password) in the body?

,

well, authenticating in the SOAP Header can allow a single piece of code to authenticate all requests into the SOAP WS without knowing the actual contents of the SOAP Envelope. This can greatly reduce the amount of code you need to authenticate your services.

If you don’t put it in the header, you’ll need to do the authentication at the time of processing the Service, which is more expensive than NOT processing the service at all if authentication fails

for example, check out here and here

,

SOAP follows a format which defines the Body as the message. The Header is open ended to some degree and can be used for varying reasons by varying frameworks, whereas the Body has a sole purpose, transmitting the message.

Leave a Comment