Forum Discussion

Nimbostratus

Jan 31, 2022

Client web service using cookie for SOAP protocol authentication with F5 service

Hi all, We currently have an Microsoft ASP web service that consumes an F5 BigIP/LTM service using SOAP protocol. This web service serves as a API for other clients to request node/pool information,...

security

Nikoolayy1

MVP

Feb 03, 2022

Cookies and and API is something very hard and only with LTM maybe even more so. Better check using F5 API protection or NGINX API Gateway and use tolken in the POST body or HTTP header :

https://techdocs.f5.com/en-us/bigip-16-0-0/big-ip-access-policy-manager-api-protection/api-protection-concepts.html

https://www.nginx.com/blog/deploying-nginx-plus-as-an-api-gateway-part-2-protecting-backend-services/

https://auth0.com/docs/secure/tokens/json-web-tokens

https://www.adoclib.com/blog/sending-cookie-as-request-header-in-soap-ui-request-for-rest-web-service.html