Basic authentication is supported by specifying a policy in the WSDL. A basic authentication policy can be added to the WSDL either manually or by using the WS-Policy Attachment window accessed from CASA and provided through Tango (WSIT). A basic authentication policy is specified at the root level of the WSDL and a reference to the policy is made in the WSDL Port type section, binding the policy to the endpoint.
To support basic authentication, the HTTP Binding Component defines the following WSDL elements:
MustSupportBasicAuthentication: This element has an attribute called on which can be used to turn authentication on or off. This attribute accepts the values true or false. The MustSupportBasicAuthentication element within a policy is required to enable basic authentication in the endpoint.
UsernameToken: This element specifies the user name and password fields for one of the following actions:
Authenticate the request when the endpoint is a provider
Invoke a web service with basic authentication enabled when the configured endpoint is a consumer
The user name and password fields can be specified either as plain text in the WSDL, or as tokens in the WSDL and configured at runtime.