Using Invoke Web Service for basic http authentication? RRS feed

  • Question

  • Hi,

    We try to use create a workflow to connect to our service desk system using Invoke Web Service (WS Client).

    The problem we have is that the xml payload that we need to send through the web service (WSDL) needs to be authenticated first using basic http authentication. We don't have any special method from this wsdl itself that we may use in this workflow for the authentication process.

    So my question is there any other way we can perform this authentication through the workflow to our external web service?

    We have tried editing and used the http authentication within the web service configuration itslef but with no success. From our network traces the authentication doesn't seem to be included in the http header as suspected and the authentication fails.

    Thanks in advance for any help.



    Tuesday, February 15, 2011 12:11 PM


All replies

  • Hello Richard,

    A few questions, if I understand right: The WSDL of the Website of the Service Desk has no Method "Authenticate"? But you need to authenticate for the tasks to be automated? When you go to your Service Desk System using a Browser you get a Basic Authentication request?

    When the answer to all questions is 'Yes', I have no idea ... with "Invoke Webervice", but ..is it possible to add the Authenticate-Method to the WSDL?



    Tuesday, February 15, 2011 3:09 PM
  • It depends on how the authentication works exactly?


    Auth Method: You need to call an authentication method and receive a token

    Solution: Use two Invoke Web Service activities. The first authenticates and returns the token and all the others consume the token.

    HTTP Header

    Auth Method: Authentication is sent via the HTTP header

    Solution: On the Invoke Web Service activity open the security table and click Enable. Set the username and password appropriately.

    Session Based

    Auth Method: Call an authentication method and the session is then authenticated

    Solution 1: Use the Invoke .Net Script with PowerShell to perform the calls to the web service.

    Solution 2: Build a QIK activity that knows how to deal with the web service authentication. You can create discreet activities for each Web Service method. You might look for Java or .Net sample code from the vendor of the web service and see if you can transport it into a QIK activity. QIK was originally built to easily take sample code and transform it into Opalis activities.

    • Proposed as answer by Gp De Ciantis Friday, February 18, 2011 3:10 PM
    Friday, February 18, 2011 3:10 PM
  • Thanks all for answering,

    The authentication here works like the HTTP Header alternative. But though we enter the correct credentials on the invoke web services activity security table we encounter errors with the authentication process when running the activity. We have tested the same type of authentication process successfully using a java applet instead.

    Any ideas what might be wrong here?




    Monday, February 21, 2011 10:25 PM
  • Hi again,

    Just a little more information regarding the setup
    We are running HP Service Manager version 7.11, Apache Tomcat are used to publiche the web service, you are supposed to be able to authenticate with basic http authentication

    Here is a little code snippet that can authenticate to the web-service and create an interaction:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using ConsoleApplication1.Proxy;  // ServiceDesk
    using System.Net;
    namespace ConsoleApplication1
        class Program
            static void Main(string[] args)
                ServiceDesk proxy = new ServiceDesk();
                proxy.Credentials = new NetworkCredential( "falcon", "aSecretPassword" );
                CreateInteractionRequest req = new CreateInteractionRequest();
                req.model = new InteractionModelType();
                req.model.instance = new InteractionInstanceType();
                req.model.instance.ContactName = new StringType();
                req.model.instance.ContactName.Value = "BROWN, NICHOLAS";
                req.model.instance.ReportedByContact = new StringType();
                req.model.instance.ReportedByContact.Value = "BROWN, NICHOLAS";
                req.model.instance.ConfigurationItem = new StringType();
                req.model.instance.ConfigurationItem.Value = "ServerA";
                req.model.keys = new InteractionKeysType();
                CreateInteractionResponse resp = proxy.CreateInteraction(req);

    What we would like to do is to use Opalis to to pic up an Alert in MS OpsMgr using the Opalis OpsMgr Integration pack and then create an incident in the HP Service Manager system through the web service

    We did, for a start, try to integrate with the Opalis HP System Manager integration pack but this integration pack do not support HP SM v7.11 so we were adviced by MS to use Invoke Web Service as a workaround

    When configure the Invoke Web Service object you have to configure the Details tab
    There is no problem contacting the webservice URL, select the method, and get the XML format hint, so we have created the XML request payload successfully and formated it to include field data needed
    We then move on to the security tab and enable HTTP authentication, type in a username and a password known to be working with the web-service by the code-snippet above
    We then check in the policy and runs a test. the test will end up in a authentication failure

    When using the Network monitor we do not se any authentication data in the packets as we can when running it from the code snippet so our conclusion is that Opalis do not provide the username and password typed in under the security tab to the web service

    Questions rised, how do opalis use the username and password under the security tab?  How do we get opalis Invoke Web Service object to provide user credentials?

    Any hint and suggestions for further troubleshooting the issue is much appreciated.



    Tuesday, February 22, 2011 8:06 AM
  • Is the Opalis machine connected to the internet? Apparantly the HP 7.11 Web Service wsdl has some reference out to the web and so the Action Server and the Client need an internet connection to work appropriatey.

    Also, have you tried using the HP SM 7 integration pack?

    Wednesday, February 23, 2011 3:57 PM
  • We have got information from the HP Service Manager consultants that they have changed the wsdl for our convenience not to look for any external reference as we had issues with it before using the integration pack for HPSM6 (as this was only available at the time for Opalis). I don't think HP SM 7 integration pack is available for our running 6.2.x sp1 installation? I have to check on that one.


    Thursday, February 24, 2011 8:26 AM
  • The integration pack for HP SM 7 is backwards compatible with 6.2. You might want to try that.

    Thursday, February 24, 2011 1:57 PM
  • My suggestion, if your comfortable with coding (which you seem to be), would be to just create an opalis object for creating an incident using the code you published.  There are some good pieces of reference code out on codeplex for making your own IP and Charles Joy has some wonderful videos.



    Thursday, February 24, 2011 8:19 PM
  • Hi Gp De Ciantis,

    Thanks for answering. But shouldn't the connection th the web service be possbile to achieve the way we have configured it using the Invoke Web Service security tab and enable HTTP authentication (http header authentication) as this works all fine with our other code snippet to perform the same thing against the HP web-service?

    Or is this type of bug in the Opalis Invoke Web Service when using "http header authentication"?

    We would be pleased to only use the Opalis "built-in" invoke web service functions for this kind of operation. For future reasons we are also eager to know if it's possible to authenticate to other web-services working with Opalis and using the same type of operations explained here.



    Tuesday, March 1, 2011 9:59 AM
  • Thanks Ryan for your tip we have noted them down.

    But like I replied to Gp De Ciantis, we are just interested to hear and figure out why we aren't able to use the built-in Opalis Invoke Web Service to connect to the HP SM web-service using http header authentication which fails for us in this particular case.



    Tuesday, March 1, 2011 10:12 AM
  • Hi all,

    We have just recently installed the newest version available for Opalis (6.3.5230, upgraded a 6.2.2 install) running on a ws2008R2 host.

    We then by curiosity tried to use the Invoke Web Service to authenticate to a web service using "http header authentication" (please see above) but from what we can see it still doesn't work. When using network monitoring tools we can't see that the http header authentication from the Opalis workflow taking place at all.

    Does anyone been successfully using the Invoke Web Service in scenarios like this at all?



    Tuesday, March 22, 2011 1:57 PM
  • Hi,

    I'm using HP Service Manager 921. The webservice need a Axis2 authentication using the header authentication. My solution was:

    Create a partial class for Incidentmanagement and set the header:

        public partial class Incidentmanagement
            protected override System.Net.WebRequest GetWebRequest(Uri uri)
                var user = this.Credentials.GetCredential(uri, "Basic");
                string authValue =  EncodeTo64( user.UserName + ":" + user.Password);
                System.Net.WebRequest request = base.GetWebRequest(uri);
                request.Headers.Add("Authorization", string.Format("Basic {0}", authValue));
                return request;
            private string EncodeTo64(string toEncode)
                byte[] toEncodeAsBytes = System.Text.ASCIIEncoding.ASCII.GetBytes(toEncode);
                return System.Convert.ToBase64String(toEncodeAsBytes);

    And i call the webservice:

    Incidentmanagement im = new Incidentmanagement();
    CredentialCache credentialCache = new CredentialCache();
     // Create a new instance of NetworkCredential using the client credentials.
    NetworkCredential credentials = new NetworkCredential("theuser", "thepass");
    // Add the NetworkCredential to the CredentialCache.
    credentialCache.Add(new Uri(im.Url), "Basic", credentials);
     // Add the CredentialCache to the proxy class credentials.
    im.Credentials = credentialCache;
    im.PreAuthenticate = true;
    var response = im.CreateIncident(createdIncident);

    I don't know if this help... but...

    Wednesday, November 9, 2011 8:54 PM
  • Thanks for the information.
    Wednesday, October 17, 2012 7:53 AM
  • Hi,

    I tried your code but its giving me error: Bad auth String (could not parse username/password): String index out of range: -1

    Kindly help

    Monday, October 28, 2013 12:06 PM