Hi, I am sorry for this posting, since I think this has been asked many many times. I have read all the related topics and tried many things, but still I cannot make my .NET client connect to my JBoss 4.0.5GA Webservices. My Visual Basic 2005 .NET client gives the error 'Authorization failed'. When I use @PermitAll it works fine. I really hope somebody can help me, since I have an idea what to do next. What have I done: 1) Specified @SecurityDomain("AthenaWS") in the Webservice and added @RolesAllowed("RegularUser") for all methods. The annotations of the class start with: @WebService (name="ApplicationEndPoint", serviceName="Application", targetNamespace = "http://address:8080/athenaserver") @SOAPBinding (style=SOAPBinding.Style.DOCUMENT, use=SOAPBinding.Use.LITERAL, parameterStyle = SOAPBinding.ParameterStyle.WRAPPED) @Stateless @Remote(ApplicationRemote.class) @RemoteBinding(jndiBinding = "/ejb3/ApplicationEndPoint") @SecurityDomain("AthenaWS") public class etc 2) Added the following text to JBOSS_HOME/server/default/conf/login-config.xml: <!-- A template configuration for the AthenaWS web application (and transport layer!). This defaults to the UsersRolesLoginModule the same as other and should be changed to a stronger authentication mechanism as required. --> <application-policy name="AthenaWS"> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> <module-option name="usersProperties">props/athenaws-users.properties</module-option> <module-option name="rolesProperties">props/athenaws-roles.properties</module-option> <module-option name="unauthenticatedIdentity">anonymous</module-option> <module-option name="hashEncoding">base64</module-option> <!-- <module-option name="hashAlgorithm">MD5</module-option> (when basic works, I want to use digest authentication) --> </login-module> </application-policy> 3) Placed athenaws-users.properties in the JBOSS_HOME/server/default/conf/props, this has the following contents: velzm=secret 4) Placed athenaws-roles.properties in the JBOSS_HOME/server/default/conf/props, this has the following contents: velzm=RegularUser 5) Downloaded Visual Basic 2005 Express Edition and SDK 2.0. I am using InfoPath 2007 but this cannot work with JBoss secured webservices directly, only using SharePoint Server this should be possible using UDC reading the documentation. However, I don't want this additional layer, so I am trying to make a work-a-round. I am using the tool wsdl.exe to generate a Visual Basic class for the webservice. Later when this works, I want to see if it possible to generate JavaScript code and embed this in the InfoPath form, so distribution no problem. With VB I must distribute the dll, which would suck. 6) Extended the generated VB webservice class, since preAuthenticate according to the topics gives problem. The VB code is: Option Explicit On Imports System Imports System.IO Imports System.Net Imports System.Text Public Class ApplicationWS Inherits Application Private nc As NetworkCredential = Nothing Protected Overrides Function GetWebRequest(ByVal Uri As Uri) As System.Net.WebRequest Dim request As System.Net.HttpWebRequest = MyBase.GetWebRequest(Uri) If (MyBase.PreAuthenticate) Then Dim nc As System.Net.NetworkCredential = MyBase.Credentials.GetCredential(Uri, "Basic") Dim credBuf() As Byte = New System.Text.UTF8Encoding().GetBytes(nc.Domain + "\" + nc.UserName + ":" + nc.Password) If Not credBuf Is Nothing Then request.Headers("Authorization") = "Basic " + Convert.ToBase64String(credBuf) End If End If GetWebRequest = request End Function Public Overloads Function getExchanges() As String() Dim parms As New getExchanges Return MyBase.getExchanges(parms) End Function Public Sub New() MyBase.New() MyBase.PreAuthenticate = False End Sub Public Sub New(ByVal domain As String, ByVal user As String, ByVal password As String) MyBase.New() MyBase.Credentials = New NetworkCredential(user, password, domain) MyBase.PreAuthenticate = True End Sub End Class 7) Testing the stuff, by the following VB code: Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click Dim application As New ApplicationWS("AthenaWS", "velzm", "secret") Dim count As Integer Try Dim exchanges() As String = application.getExchanges() For count = 0 To exchanges.Length - 1 Console.WriteLine(exchanges(count)) Next count Console.Beep() Catch ex As Exception MsgBox("ex=" + ex.Message) End Try End Sub This results in the message 'Authorization failure'. What's wrong ? - In JBoss 4.0.5GA I don't see an annotation of validateUnauthorizedTrue, so I cannot set this to true. Question which I have, is this option still necessary to set in JBoss 4.0.5GA ? - JBOSS_HOME/server/default/logs/server.log shows the following line: 2006-12-02 09:18:20,062 DEBUG [jbossws.SOAPMessage] Incomming SOAPMessage <soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/' xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'> <soap:Header/> <soap:Body> </soap:Body></soap:Envelope> Question which I have, where is the authentication header ?? I have used the debugger for overridded function GetWebRequest and this is called correctly, but is it not sending the information ? Or is it sending the information, but not showing up in the log ? I really need some suggestions, since I am stuck. Thanks in advance, Marcel van Velzen View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3990739#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...