We are sending credentials (user/password from Web Connection login) to the (https) Web Server for validation before initializing the service.
There is no user/password info being passed to the SOAP or http headers.
How can we validate the user requesting the service if it isn't being passed?
Do we have to use a ws-security policy file?
Username, and password can be passed using a Webservice Policy Files. This is documented in the Webservide Agent Guide in chapter 2.4.
2.4 Defining Web Service Policy Files