I can easily create a base class for all my messages that contain a username and password that the user sets for each request. The user could also add this in the SOAP header. Does it matter and why?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I can easily create a base class for all my messages that contain a username and password that the user sets for each request. The user could also add this in the SOAP header. Does it matter and why?
In general, the header is meant for “out of band” information. Information that is not so much about the current message, as it is about the fact that you’re sending messages.
To the extent that security information isn’t changing from one message you’re sending to another, that information should not be in the individual message bodies, but should rather be in headers that get sent with every message body.
Another thing is that headers can be used for information which changes when the same message body can be sent to different destinations, each of which may have its own requirements for headers.