IWeb Authendication not working?

Aug 3, 2010 at 7:36 PM

Hello there, I have a DNN instance with Iweb running on it, with a couple of customized methods I created being offered on the webservice.

I have an external application calling these webservices to do things automatically in DNN. This works well, which makes me happy.

However, I've been required to prove out security on the interconnection between IWeb and my application. At about this time I noticed I had a couple of inherent mistakes in my credentials in the Iweb authendication header. This concerned me, so I sent a SOAP request with a bogus-credentialled authendication header to my Iweb webservice, and it executed.

My questions are where do I have to lock down and specify my web services so that only a specific user in a "Webservices" role can use it (I already have all the permissions set to that.), and if the authendication header actually does anything.

Thanks in advance!

Coordinator
Aug 3, 2010 at 7:52 PM
You have to make sure you call "ValidAndAuthorized()". You will want to use the sample web methods that are installed as your guide.
Aug 3, 2010 at 8:02 PM

Ahhh, that would definitely be the kicker. Thanks!