Invoking web services that run under https and/or authentication

Unofficial Content

Versión es español 

Invoking web services that run under https / authentication / proxy
The following document is divided in 3 parts: the first one explains how to invoke https web services, the second shows how to invoke web services which are under authentication, and the third one shows how to invoke a webservice through a proxy. The paper is not intended to dig into technical aspects regarding SSL communication, concepts of public key/deprived etc.
Invoking a https web service
Invoking a https web service is just as easy as following 2 steps:
  • Inspect the WSDL (which will be under https)
  • Importing certificate and managing the keystore
1)   Inspecting the WSDL
As usual, when thinking of invoking a web service you have to read at first its wsdl using the WSDL Inspector. In this case, as the web service is under https it is necessary to save the WSDL as a XML file and then to ?local inspect? the WSDL using the file protocol as shown in the following picture. In order to obtain the WSDL (XML file) you can access the WSDL with the browser and then save the page.
Web service seguro/autenticación - wsdl inspector
Once the service has been inspected you can start programming the consumer taking into account that you must indicate that the service runs under https. You can achieve this using the Location data type as shown:
&location = getlocation("org_tempuriaction__wssuma")
&location.port = 8443
& = 1
&suma = &ws.execute(5, 3)
Where "org_tempuriaction__wssuma" is the external object name. More information GetLocation function
* you can also use the location.xml file.
2) Importing certificates and managing the keystore  

This step has a different configuration depending on the environment:

Invoking web services that run under authentication

In order to invoke a web service which is under authentication it is necessary to use the Location data type in order to specify the authentication parameters:

  &location = getlocation("org_tempuriaction__wssuma") 
  &location.Authentication = 1
  &location.AuthenticationMethod = 0
&resultado = &ws.Execute(&parm1,&parm2)

The following is a short explanation about each of the lines above:

  •  &location. Authentication = 1: Indicates that you will be calling a web service that requires authentication.
  • &location.AuthenticationMethod = 0: Indicates that BASIC authentication will be used (the other possible value is 1 = Digest). More info
  • &location.AuthenticationRealm= " MyRealm ". The realm is the place where the server will check if the user exists or not. It can be a database, a ldap directory etc. and it is server configuration. In this property we have to indicate the name of the realm (no matter which kind of realm it is). You can find its name in the authentication dialog that appears when accessing the server using the browser:

   Web service seguro/autenticación - realm

  • &location.AuthenticationUser: the user to authenticate.
  • &location.AuthenticationPassword: the user password.
 Invoking a web service through a proxy

Whether you have an outgoing Proxy from the client to Internet to consume the service, or an ingoing Proxy on the Server providing the service, its parameters must be configured in the ProxyserverHost, ProxyServerPort, ProxyServerUserName, ProxyServerPassword methods of the location data type (or location.xml)  

For example, we could program the following GeneXus code:    

  &location = getlocation('xxxx')
  &location.ProxyServerHost = "Host"
  &location.ProxyServerPort = 80
  &location.ProxyAuthentication = 1
  &location.ProxyAuthenticationMethod = 1
  &location.ProxyAuthenticationUser = "user"
  &location.ProxyAuthenticationPassword = "password"

  &location.ProxyAuthenticationRealm = "realm"