REST service with basic authentication

Basic Authentication for your service does not allow you to override the IIS behavior and intercept those credentials using a custom username/password validator. This is because IIS is handling the authentication prior to the WCF service being called.

To summarize:
• IIS does the authentication before WCF receives the request.
• By default IIS uses a native BasicAuthenticationModule, which authenticate against Windows credentials.
• Basic authentication via the custom UsernamePasswordValidator does not work.
• You can use a custom Http module (didn’t try that) or alternatively you can self host the service instead of using IIS.

To implement basic authentication you will have to create a local user on your webserver first (via Computer Management). This Windows user can be used by de webservice client as username/password in SoapUI.


As the above screenprint reveals you can either enter the username/password as part of the request properties on the bottom left of the screen. Or alternatively you can click the [Auth] button and select the authentication mode Basic. Bij default Use global preference should be used. If the REST service returns an error change this option to Authenticate pre-emptively.