We currently have an Microsoft ASP web service that consumes an F5 BigIP/LTM service using SOAP protocol. This web service serves as a API for other clients to request node/pool information, enabling/disabling nodes, etc. from the F5 service.
Web service proxies that derive from SoapHttpClientProtocol are automtically created. Currently, credentials are set to the proxy Credentials property using a NetworkCredential. This is used to authenticate with the F5 service.
In order to reduce the performance impact and logs due to the repeated authentications, we were requested to start using a cookie (BIGIPAuthCookie) in the request header to preserve the session and reduce the number of authentications.
My questions:
Are there any examples/samples for such a scenario?
Does the server (i.e. F5 service) or the client (our web service) need to set the cookie? From my understanding of cookies, they are set by the server upon the first successful login/authentication and the client includes the cookie on subsequent requests. Is this correct?
How are cookies implemented when using SOAP requests with everything done behind auto-generated proxies. Is there a setting to enable this or does it need to be handled programmatically?
Cookies and and API is something very hard and only with LTM maybe even more so. Better check using F5 API protection or NGINX API Gateway and use tolken in the POST body or HTTP header :
