Your SAS programs, embedded in web apps and elsewhere

Generated Web Services - Security parameters

Reply
Occasional Contributor
Posts: 7

Generated Web Services - Security parameters

I'm new to using the BI Web Services for .NET. We created a stored process as a Generated Web Services and was able to access it using web anon account (SOAPUI tool). We want something more secure so I removed the web anon user so we could use a metadata user and password through SAS Host when I set up a new environment. (We don't have web authentication here). Is this possible? What are the parameters that we need to use to call the generated web service?

Thanks in advance
SAS Employee
Posts: 5

Re: Generated Web Services - Security parameters

Hi Summer7,

It is possible to secure your generated services in this manner. The first thing you'll want to do is disable the webanon user so that anonymous requests can no longer succeed. Removing the user is one way of accomplishing this and it sounds like you've already done that. If you are setting up a new environment at a later date, you can choose not to enable anonymous access when you are configuring your installation using the SAS Deployment Wizard.

Once you've disabled anonymous access, you'll need to supply credentials with every call to your generated web services. Since you intend to use SAS Host Authentication, you will pass your username and password in the WS-Security header of your request. If you are testing in the SOAPUI tool, there are fields in the Request Properties section (should be in the bottom left of the screen when you have the request opened) called Username and Password. You will also need to change the WSS-Password Type in SOAPUI to PasswordText. If you are calling your generated web services from a programming framework, please consult that framework's documentation for information on how to supply values for WS-Security headers.

You can consult the SAS BI Web Services Developer's guide (http://support.sas.com/documentation/cdl/en/wbsvcdg/61496/HTML/default/a003257589.htm) and the SAS Web Application Administration Guide (http://support.sas.com/documentation/cdl/en/biwaag/63059/HTML/default/a003313657.htm) for more information on securing SAS BI Web Services.

Thanks, and let me know if you have any more questions.
Ask a Question
Discussion stats
  • 1 reply
  • 247 views
  • 0 likes
  • 2 in conversation