+ Start a Discussion

Trouble authenticating web service callout to IIS

The C# code below successfully calls a simple HelloWorld() service that lives behind (inside?) an IIS server.



        public void HelloWorldTest()


            var leadRequestService = new LeadRequestService.LeadRequestService();

            Assert.AreNotEqual(null, leadRequestService);

            leadRequestService.Credentials = new System.Net.NetworkCredential("username", "password", "domain");

            var aString = leadRequestService.HelloWorld();

            Assert.AreEqual("Hello leaduploader", aString);



And here's my attempt at the matching APEX code:


static testMethod void HelloWorldTest()


        LeadRequestService.LeadRequestServiceSoap aService = new LeadRequestService.LeadRequestServiceSoap();

        System.assertNotEquals(null, aService);

        System.assertEquals(null, aService.inputHttpHeaders_x);

        aService.inputHttpHeaders_x = new Map<String, String>();

        aService.inputHttpHeaders_x.put('Authorization', 'Basic dXNlcm5hbWU6cGFzc3dvcmQ6ZG9tYWlu'); 


        String aString = aService.HelloWorld();

        System.assertEquals('Hello leaduploader', aString);   



When I run this code through anonymous execution, I get a 401 error back from the server.


Now, I'm not convinced NetworkCredentials() is equivalent to adding Basic Authentication, which makes me think maybe I should try the latter inside Visual Studio so I have a closer apples-to-apples test.


Regardless, what is your experience calling web services from inside Salesforce and working-out the authentication issues?


Basic auth is not enabled by default on IIS. You'll want to check your IIS config. (if you look at the response HTTP headers, you'll be able to see which auth methods are enabled on your server)


When I traced it on the wire, it was using Negotiate in the working C# example.


What methods are people commonly using in Apex to call those services?  I've found so little written about Apex callouts and authentication.  In fact, the only specific authentication doc I've found is for Basic authentication.