I'm calling webservices from MS Excel (in the context of (XPages based) web browser applications, where the user should be able to import or synchronize data which then can be read/filtered/edited in the browser). As there is the infamous webservice Toolkit for Excel this is in this case easier than using REST services (which might be better suited for the SharePoint scenario). Works pretty good.
As the authentication part is often very complicated (the customer in question is using a Kerberos based single-sign-on, no way I could do that from Excel) I am calling the webservice as an anonymous user (anonymous has no access to the database, but the webservice has the "public access flag" enabled). The user has to provide her/his username and password in an Excel form, which will be transferred in the webservices payload, and I'm just looking this up against the domino directory within the webservice (hashing the entered password and comparing it with the hashed password in the user's person document). Based on that I decide whether to process the request or returning an error code.
Benefit: very easy to setup and maintain
Drawback: I have to do the authorization parts by myself - the code is running with the signers credentials, so I have to check readernames fields etc. explicitely in my code.
Hi Jake,
regarding the authentication:
I'm calling webservices from MS Excel (in the context of (XPages based) web browser applications, where the user should be able to import or synchronize data which then can be read/filtered/edited in the browser). As there is the infamous webservice Toolkit for Excel this is in this case easier than using REST services (which might be better suited for the SharePoint scenario). Works pretty good.
As the authentication part is often very complicated (the customer in question is using a Kerberos based single-sign-on, no way I could do that from Excel) I am calling the webservice as an anonymous user (anonymous has no access to the database, but the webservice has the "public access flag" enabled). The user has to provide her/his username and password in an Excel form, which will be transferred in the webservices payload, and I'm just looking this up against the domino directory within the webservice (hashing the entered password and comparing it with the hashed password in the user's person document). Based on that I decide whether to process the request or returning an error code.
Benefit: very easy to setup and maintain
Drawback: I have to do the authorization parts by myself - the code is running with the signers credentials, so I have to check readernames fields etc. explicitely in my code.