Salesforce

How Do I Securely Access a Web Service? (Magic xpa 2.x)

« Go Back

Information

 
Created ByKnowledge Migration User
Approval Process StatusPublished
Objective
Description

How Do I Securely Access a Web Service? (Magic xpa 2.x)

When you are accessing a Web service, you will need to set up the required security level (as defined by the Web Service provider) from within Magic xpa. There are two levels at which you will set up the security. First you will set up the security levels for the Service as a whole. Then, when you use the Web service in you program, you can specify the user name and password, if any, that is needed by the Web service.

Setting Security for the Service

  1. Go to Options->Settings->Services

  2. Go to the Service for which you want to set the security level. Press Alt+Enter to access the Web service properties.

  3. Set the security levels to what you need. Below is a table showing the options. If the Security level is set to Transport, then the communication channel is secured. Otherwise, if WS-Security is chosen, then the messages are secured using encryption, or both encryption and digital signing. If the access point to the service (as defined in the WSDL) is secured (https URL), the communication will be secured as well.

Security Level

Authentication Type

Encryption Algorithm

Operation Security

None

Disabled

Disabled

Transport

  • Basic

  • Digest

  • SSL

  • Kerberos

Disabled

Disabled

WS-Security

  • None

  • Basic

  • Digest

Several choices for Encryption and Signing algorithms

  • None

  • Sign

  • Encrypt (Asymmetric or Symmetric)

  • Sign+Encrypt (Symmetric)

Setting Security from the Task

When you access a Web service that requires authentication, your program can identify itself to the Web service provider using the WsSetIdentity function. Once the user ID and password are set using the WsSetIdentity function, the same user ID and password are used for all subsequent Invoke Web Service calls, until the function is used again.

Note: It is recommended to use variable instead of fixed values to avoid hard coding user credentials in the application.

Reference
Attachment 
Attachment