blmulholland wrote:

> My project is using NAM for our web apps. We are going to start
> implementing RESTful web services to be called by some of the webapps,
> including services hosted by a SharePoint server that also serves the
> user directly.
> But we are unclear how the service will be secured. Since it doesn't
> talk to the user directly we would not have the credentials.
> Certainly, we could pass the username along, but the password is only
> provided by NAM on the first request, and for obvioYou

So the consumer will only provide a credential once? How would the
consumer of the service provide these credentials? Through BA, or
are you using more advanced methodologies like username tokens in wsse?

The challenge is that NAM is designed for human interaction and
web services generally don't like to be redirected; however, there is an
option on the AG to create a non-redirecting client for which you then
can enable Basic Auth. So, if the consumer could send the credentials
in a basic auth header with every request, NAM could consume them and
send them on to the backend. Again, it all depends on what
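
The consumer side of the approach described in the reply above, added here as an example and not part of the original thread: a Python client that sends Basic credentials with every request and treats a redirect as a failure instead of following it to a login page. The function names, `GatewayAuthError` and the `allow_plaintext` switch are assumptions for illustration; no NAM-specific API is used.

```python
import base64
import urllib.error
import urllib.request


class GatewayAuthError(Exception):
    """The gateway refused the request or tried to start an interactive login."""


class NoRedirect(urllib.request.HTTPRedirectHandler):
    # Returning None makes urllib raise HTTPError for the 3xx response
    # instead of silently fetching an HTML login page.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def basic_auth_header(username, password):
    if ":" in username:
        raise ValueError("user-id must not contain ':' (RFC 7617)")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def call_service(url, username, password, *, allow_plaintext=False, timeout=10):
    """GET url with preemptive Basic auth; return (status, body bytes)."""
    # Basic credentials are only base64-encoded, so require TLS unless the
    # caller opts out explicitly (hypothetical switch for lab testing).
    if not url.lower().startswith("https://") and not allow_plaintext:
        raise ValueError("refusing to send Basic credentials without TLS")
    req = urllib.request.Request(url, headers={
        "Authorization": basic_auth_header(username, password),
        "Accept": "application/json",
    })
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        if err.code in (301, 302, 303, 307, 308):
            # The resource is not behind a non-redirecting, Basic-auth path.
            where = err.headers.get("Location", "<no Location>")
            raise GatewayAuthError(f"redirected to {where}") from err
        if err.code == 401:
            raise GatewayAuthError("credentials rejected") from err
        raise
```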