So, I have the slightly weird situation in which I have a database where Anonymous has Reader access on the ACL, but in this database there is a web service which I want the user to be authenticated to use. If I change the security settings of the Web Service, then the service becomes completely invisible (i.e. a 404 error is generated) to the Anonymous user where I want the user to be prompted to enter a username and password when they try and consume the service.
If I set the ACL of the database to not allow Anonymous any access then the service can be consumed (in SoapUI for example) by passing username and password as HTTP headers on the web service request.
The question becomes, is there any way I can force the web service consumer to authenticate, but still allow the service URL to be visible and not result in a 404 error while having Anonymous have reader access to the database?