Enter your keyword


HTTP Basic Auth VS WS-Security username token authentication

HTTP Basic Authentication and WS-Security username token authentication both are different authentication mechanism and independent to each other.

Let’s go in depth and see how both the mechanism differs
HTTP Basic Authentication 

Basic Authentication is used in HTTP where user name and password will be encoded using base64 encoding mechanism and passed with the request as a HTTP header.
For instance:
HTTP header section will have “Authorization: Basic dGVzdDp0ZXN0”  header element.
Username and Password will be encoded using base64 mechanism which is used in Authorization header.
For example:
base64(username:password) –> base64(admin:admin)
Most of the Webservice clients have option to provide basic auth header. In SOAPUI, at “Authentication” tab, we can provide username and password. If we switch to Raw format(as shown in the above image) of the request, all the HTTP headers are visible and we can see the Basic Auth header is set.
When we use Basic Auth, the username and password setting is on the HTTP headers not in the SOAP message. SOAP message goes with HTTP body.
WS-Security username token
Securing Webservices using ws-security username token authentication mechanism is a simple mechanism to secure services. It enforces user to provide UsernameToken security header in the SOAP requests.
As shown in the above image, the ws-security header is set as part of SOAP message.
If we secure a service using user name token option, (that is, ws-security username/password authentication) we should pass ws-security headers as shown in the above image.

Some Toughts (4)

  1. Anonymous
    added on 25 Feb, 2019

    do you have the xsd i can use for wsse security header. I am getting error when I try to upload xsd.

  2. added on 16 Mar, 2019

    This is truly a great read for me. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work!. private blockchain

  3. added on 18 Jul, 2019

    Thanks for sharingcustom erp solutions

Leave a Reply

Your email address will not be published.