Tuesday, April 09, 2002
<quote source= "http://msdn.microsoft.com/library/en-us/mpn20/html/mpdevAuthentication.asp?frame=true" >
MapPoint .NET uses the HTTP Digest Access authentication protocol, described in RFC 2617 (http://www.ietf.org/rfc/rfc2617.txt?number=2617), to authenticate the calls made to the SOAP APIs. The Digest Authentication protocol is considered to be an improvement over the Basic authentication, which sends the password in clear text over the network. The Digest Access authentication scheme is based on a simple challenge-response paradigm; the server challenges the client using a nonce value. A valid response from the client contains the MD5 checksum of the user name, the password, the given nonce value, the HTTP method, and the requested URI. In this way, the password is never sent in the clear.
The MapPoint .NET server implements the server side of the protocol described in RFC 2617. Any client making SOAP requests to MapPoint .NET needs to implement the client portion of the Digest Access authentication protocol. Most of the Microsoft HTTP client stacks implement the client portion if you are using a Microsoft API to send the SOAP requests. These APIs include WinInet, as well as the Managed Code HTTP classes. Using these APIs makes it easy to send authentication information along with the SOAP requests.
</quote>
What does this mean for non-Microsoft SOAP clients? Which platforms will be able to call MapPoint.NET easily? Which will have trouble?
For better or worse people will look at the MapPoint.NET as an example of how to build a Web Service. We need to know where MapPoint.NET is broken from an interop perspective. If you use a non-Microsoft SOAP implementation you should take a look at the MapPoint.NET documentation. Then tell the rest of the world how it affects your ability to use the service.
10:13:54 AM
