SOAP header: why authenticate in the header and not the body?

Question

SOAP header: why authenticate in the header and not the body?

whats the differences between putting the user's credentials (username/password) in the header vs the user's credentials (username/password) in the body?

Answer 1

well, authenticating in the SOAP Header can allow a single piece of code to authenticate all requests into the SOAP WS without knowing the actual contents of the SOAP Envelope. This can greatly reduce the amount of code you need to authenticate your services.

If you don't put it in the header, you'll need to do the authentication at the time of processing the Service, which is more expensive than NOT processing the service at all if authentication fails

for example, check out here and here