HTTP header capture

rocky_rhapsody · August 18, 2005, 7:32pm

I need to capture the http header after the post. What I want to see is the usr/pwd information in the header tag.

SavePipelineToFile doesn’t show me that?

Any ideas?

gupta_r.17495 · August 18, 2005, 8:06pm

Did you tried with the getTransportInfo and after this invoke a savepipeline .

But unless you drop the http service header info in the pipeline you will be able to see it right…

HTH,
RMG

rocky_rhapsody · August 18, 2005, 8:27pm

Yup, the service works…Thanks RMG

I also tried it with [url=“Download - IEInspector HTTP Analyzer - HTTP Sniffer, HTTP Monitor, HTTP Trace, HTTP Debug”]http://www.ieinspector.com/httpanalyzer/download.html[/url] software…

If somebody wants to use it in future…

Guest · December 16, 2005, 7:55am

Is there any service with in the webMethods, where i can pass userID which returns me the password? Here is the background information about the problem.
One of the portal sytem (Which is on the SystemA) is invoking the webMethods service(Which is on the SystemB) using SOAP over http. Once the request comes to webMethods, webMethods needs to execute another service (Which is on SytemC) and is exposed as webservice on the different system, which needs userID and password.
Is there any way can i get the userID and password from the http header information sent by SystemA (In my case it is webspear portal)

raymoser · December 17, 2005, 12:59am

Suresh1234,

First, welcome to wmusers and please register on the site.

Most systems do not pass the passwords along in the header. Once the user is authenticated, a token is passed that can be used to verify the user for each application by creating a method to verify against the authentication system. Netegrity works this way. Once a user has authenticated, I only need to grab the unique token from the header, pass it to netegrity for verification that the user is authenticated.

On a separate note, applications usually handle permissioning and provisioning but use the token along with the single sign on unique id to determine if the action is permissable.

Also, some LDAP systems will store static information like ROLE and will return this information during the intial logon. The role attribute can be used to determine if an action is allowed. It depends on the security of each system and your enterprise policy.

But to answer your original question, YES. If you want to send user name and password, you can do so, but it is inadvisable for security reasons.

Satish3 · December 11, 2008, 5:40pm

Hi Ray,

How to retrieve the uname and password that is passed from a DSP page. Bcoz, the password that was retrieved will be in encrypted format. My question is how to get the plain text password of encrypred form as i need to use this password to connect to other server via Context.

Plz help me and suggest any other alternative.

Datta