Basic authentication

Applies to the following products: 
Questionmark OnDemand
Questionmark Perception
Questionmark OnPremise
Applies to the following Perception versions: 
Perception 5.7

This page is separated into the following sections:

With Perception 5.7 and OnDemand, you can now use the username and password of a QMWISe user/Perception administrator to authenticate instead of using SOAP headers.

Questionmark recommends that basic authentication is used with QMWISe over SOAP headers.

After basic authentication has been enabled for your environment, if you don't pass any SOAP headers in a request to QMWISe, basic authentication will be used.

The addition of basic authentication will not affect the use of SOAP headers.

Beginning with Perception 5.7 (basic authentication was added to Questionmark OnDemand in the April 2013 release of OnDemand), if you pass the wrong credentials (of any type) when attempting to authenticate, you're likely to get an HTTP 401 response rather than a SOAP fault due to the fact that basic authentication is now supported. This means that even if you receive an HTTP 401 response, this doesn't necessarily mean you have accidentally enabled basic authentication somehow. You might have, for example, entered the incorrect checksum in your SOAP header.

Enabling basic authentication

To enable basic authentication, the Trust require setting must be disabled and the Security require setting must be enabled. To do this:

  1. Log in to Enterprise Manager
  2. Click the Administration tab
  3. Click Server Management
  4. Click Server Settings
  5. Make sure the Trust require setting in the QMWISe Settings section is unchecked

  6. Make sure the Security require setting in the QMWISe Settings section is checked

  7. Click Save and Exit

Priority of authentication methods

  1. Trust SOAP headers have highest priority, overriding both security SOAP headers and basic authentication
  2. Security SOAP headers have second priority, overriding basic authentication
  3. Basic authentication has lowest priority, not overriding any other authentication methods

As basic authentication has lowest priority, not passing any SOAP headers in a request to QMWISe will cause basic authentication to be used instead.

If you have basic authentication enabled, you can still use the client ID and checksum you used in previous versions of Questionmark. However, when basic authentication is used, you cannot use the name of a Questionmark administrator and their plain text password in the SOAP headers to override basic authentication; in this situation, only the client ID and checksum will work when basic authentication is enabled.

Using basic authentication with a third-party web service testing application

You can quickly set up a third-party web service testing application like soapUI to make test calls using basic authentication.

The following example shows how to connect soapUI to Questionmark via QMWISe and make a call with basic authentication enabled. This example assumes you've enabled basic authentication as outlined in the section above. To connect to soapUI:

  1. Launch soapUI
  2. Click File | New soapUI Project

  3. Enter an appropriate Project Name
  4. In the Initial WSDL/WADL field, enter the location for the QMWISe WSDL. The default location for the QMWISe WSDL is:

    If you're a Perception user:

    http://<Perception server>/qmwise5/qmwise.asmx?wsdl

    ...where <Perception server> is the domain name/computer name where QMWISe is set up.

    If you're an OnDemand user:

    https://ondemand.questionmark.com/qmwise/<customer ID>/qmwise.asmx?wsdl

    ...where <customer ID> is the customer ID of your OnDemand account.

  5. Select the Create Requests option
  6. Click OK

The WSDL will now be loaded in to soapUI with a sample request for each method. The sample requests make it easy to quickly create any given request.

In the example below, we will test the GetAbout web service, which will return information about the QMWISe software that is installed. To run the example request, follow the instructions below:

  1. Select the QMWISe project you created above
  2. Expand the GetAbout tree to display all the available web services

  3. Scroll down the list and locate the GetAbout web service
  4. Expand the GetAbout web service, where you should see the sample request called Request 1.

    If Request 1 is not available, right-click on the web service and select New Request. Enter a name for the request and click OK.

  5. Double-click Request 1. A window displaying the request should appear:

  6. Delete all the code between the <soapenv:Header> and the </soapenv:Header> tags:

  7. Click the Authentication and Security-related settings option at the bottom the request window (the option to the immediate left of Headers)

  8. Enter the Username and Password of a Questionmark administrator

  9. Click the Submit request button (the green arrow) in the top left corner of the window:

  10. A response from the server should now be displayed:

    The response displays information about the QMWISe software that is installed, including the version of the software that is installed, which build of the software is installed, and a statement of Questionmark's rights under the license agreement.

You have now tested a web service using basic authentication and soapUI.