"Anthony Biondo Jr" <an************@kmhp.comwrote in message
news:uF****************@TK2MSFTNGP02.phx.gbl...
>I have seen examples of people saying that in the soap header you can pass
a
username and password. Is there a reason why putting username and
password
information in the header would be better than just including it as an
input
in the web service?
"It depends." (anon)
If your web service has more than one operation which has to be secured by
username/password, then putting it in the header keeps them out of the
signature of each operation.
Also, you may be able to have a SOAP extension (I think they're called
handlers in the Java world) process that header for every operation, so that
the operations don't need to do anything. You could even prevent the
operations from even being called if the username and password were
incorrect.
Finally, if you later decide that you need something stronger than username
and password, you would only need to change the header, not each operation.
John