Recently I had to write a Firefox extension for a company which provides text messaging web services. The Web-Service is an RPC-Style SOAP one which is written by "Nima Shayafar".
When I got this offer, I didn't think that this one would cause any troubles, as Mozilla has a SOAP implementation landed in it's platform since years (
This Web-Service is protected by basic HTTP Authentication, nothing tricky so far, but to my surprise Mozilla's SOAP implementation doesn't provide any mean to do authentication against an endpoint, and nah, not even a basic one.
Well I thought as this (writing Firefox extensions for protected SOAP Web Services) is not that uncommon situation I may get a good amount of information by Googling, but nothing catchy comes there in results except a thread at netscape.public.mozilla.xml where I found two solutions, one was submitting username/password pair together with URL, and the other one was to make an XHR connection to the endpoint (XMLHttpRequest implementation let you provide login/password for a basic authentication), and as Mozilla remembers that for the browser session, you're there.
The first solution is hmm ... horrible! And the second one, I didn't manage to get it to work.
So I started wondering in other possible ways to overcome this, and guess what? It was damn easy!
You just need to set Authorization header in HTTP request (which is base64 encoded of login:password), but just for that particular endpoint, and how?
You need to use nsIHttpChannel in conjugation with nsIObserverService, register it right before invoking the SOAPCall, and (don't forget to!) unregister it when the call is done, that's it.
Well, it took me an hour to come up with this, and I'm writing it in hopes save someone else "one hour".