Need help with ACL settings for WS

I’m trying to expose a simple flow service as a web service (IS 7.1.2). I have created a provider descriptor to the service and given the WSDL to the client. Since I want only them to execute this service I have created a User id for them and ACL with execute privileges to the user id. In the descriptor by default read acl is Anonymous and in addition I have added the ACL name that I have created to the Execute ACL property. But client is not able to access the service and they are seeing “Invalid Session ID or Session Expired”. This works fine if I make Execute ACL to Anonymous. Can some one explain me why my settings are not working.

Is the web service client passing the credentials when making the call?

Yes, They are passing the credentials while calling the service but I’m not sure if they are being sent at the right place. The service I’m exposing is a scheduled service with no inputs so in the wsdl there are no fields specified for credentials. So I have created the input variables called user id and pwd in the service and exposed the wsdl but I think that is where I’m missing something as it doesnt make much sense to me just to add inputs which are not used in the flow and which I dont see the web service is checking for authentication. Can you tell me how they should be passing the credentials?

The credentials in this case will need to be passed in the HTTP headers using basic authentication.

Try testing with a WS Client like SOAP UI or some equivalent. Atleast to let you know if there is something wrong with the data being passed by requester.

test by putting ur Uname/Password in properties and running test.