Skip to Content
author's profile photo Former Member
Former Member

User Authentication via web service & maintaining session

Hi Folks,

I will be writing a desktop based application in Adobe Flex/Microsoft .NET which would be based on web services. I have a coupl eof questions.

1. I wish to know how to authenticate the user i.e. say I create a login sreen in my application and accept the user's sap netweaver user/pwd, now I wish to know if there is already any standard web service that can be user to authenticate? If there is no standard web service then how can I achieve this?

2. The next question is even if I am able to do the first step and authnticate the user, how do I maintain the session i.e. the subsequent web service calls should not ask for user credentials.

Thanks & regards,

Gaurav

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Sep 19, 2008 at 01:46 PM

    You may use WS-Security SAML Token Profile, to achieve Single-Sign-On between SAP netweaver and .NET.

    1.The user logs on to the Windows domain with his Windows Credentials.

    2.The WS Consumer authenticates at the Token Issuer with Windows Integrated Authentication and requests a SAML HoK Token that contains the domain identity.

    3.The Token Issuer issues the SAML Token.

    4.The WS Consumer sends the request using the Custom Binding (WS-Sec 1.0, SOAP 1.1, SAML Token Profile 1.0).

    5.The WS Provider maps the Windows User identity to the ABAP User identity.

    6.WS Provider sends response.

    p/s: supported in SAP NetWeaver 7.0 >= SP14 (ABAP)/SAP NetWeaver 7.1 (Java, ABAP).

    - julius

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Sep 19, 2008 at 12:06 PM

    Hi,

    You could use HTTP authentification for instance. The user would have to provide valid credentials for each WS call. Instead of "maintaining the session" you could ask the user for his/her username/password, then store the data somewhere and pass them each time the app calls a WS.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Sep 22, 2008 at 03:18 AM

    Thanks folks! I'll wrok on all the ideas that you've put forth and see if it works out for me.

    Regards, Gaurav

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.