14.3 Authentication of Web Services
Overview
Authentication is the verification of the credentials of the connection attempt which consists of sending the credentials from the remote access client to the remote web service access server in either plaintext or encrypted form by using an authentication protocol. When users send a request for a web service, they are authenticated according to the credential type. To access a web service, users must provide valid credentials for the credential type being used during authentication. There are various types of authentication in web services and most of them are now supported by the OpKey.
Authentication Types
OpKey allows its users to test web services that need different authentication types. Here are the OpKey supported authentication types:
- Basic Webservice: For Basic web service, set None in the Authentication Type which is being selected by default.
- Secure Webservice: Secure web services need authentication credentials to access its properties. To use the secure web services user first need to select the HTTP_Basic_Preemptive or WS_UsernameToken_Clear in the Authentication Type dropdown. Further, enter your UserName & Password.
- WS_UsernameToken_Clear: Web Services Username Token is a type of authentication. UsernameToken is required as one of the supporting tokens in the WS-Security policy.
- NTLM: NTLM Manager (New Technology Lan Manager) is a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users. NTLM is the successor to the authentication protocol in Microsoft LAN Manager (LANMAN).
- OAuth2: OAuth2 is the industry-standard protocol for authorization that allows a user to grant limited access to their resources on one site, to another site, without having to expose their credentials.
- When you select Basic Webservice, Secure Webservice, WS_UsernameToken_Clear or NTLM type of authentication type then you need to enter required UserName & Password.
OAuth2:
- When you select OAUTH2 then you need to enter Token (Access Token), if you have.
- If you don’t have Token then click on the Get Token button to generate an Access Token.
- Get Access Token window opens. From here, you need to select Grant Type and Client Authentication and fill other required details & then click on the Request Token button.
- You can hove the mouse on the i information icon of the respective fields to get field information.
- You can check the Refresh Token Require checkbox if you want to get the new refreshed token.
- You can check Save Settings checkbox if you want to save your applied settings.
- If the Grant Type is Authorization Code then OpKey Chrome Add-on must be installed on your Chrome browser in order to generate Access Token.
- When you select Implicit as Grant Type then you need to fill the following fields and then click on Request Token.
- If the Grant Type is Implicit then OpKey Chrome Add-on must be installed on your Chrome browser in order to generate Access Token.
- When you select Password Credentials as Grant Type then you need to fill the following fields and then click on Request Token.
- When you select Client Credentials as Grant Type then you need to fill the following fields and then click on Request Token.
- Here, you get the Access Token. Click on the Use Token button to use the created Token and proceed.