iNET Interactive - Online Advertising Agency
          
   Home    Authors    About    Login    Contact Us
   Search:   
Advanced Search     
  Articles

  ASP (26)
  ASP.NET (19)
  C and C++ (4)
  CFML (2)
  CGI and Perl (16)
  Flash (2)
  Java (7)
  JavaScript (28)
  PHP (92)
  MySQL (13)
  MSSQL (3)
  HTML (35)
  SEO (9)
  Visual Basic (12)
  CSS (13)
  SSI (5)
  XML (12)
  C# (14)

  Developer News

July 3, 2009
Why Freelancing is Awesome
About
 
July 3, 2009
Twitter spurs Bing and Facebook real-time initiatives
WebDevTips UK
 
July 3, 2009
Maybe ?Paid? Is the Future of Online Business
WebDevTips UK
 
July 3, 2009
Will Microsoft, Google and Amazon talk you out of your datacentre?
WebDevTips UK
 
July 3, 2009
US Couple Gets Prison Time For Internet Obscenity
WebDevTips UK
 
July 3, 2009
Indenting Lists Consistently Across Different Browsers
About
 
Courtesy of moreover.com
 
Want to receive new articles via e-mail? Click here!
/Home /ASP.NET

Implementing Custom SOAP Header 

  Views:    9973
  Votes:    6
by Dmitri Demyanik 11/11/03 Rating: 

Synopsis:

The article describes an alternative way of writing a secured web service.
Pages: 
The Article

Introduction

Web service development in .NET is very simple, I would say very simple. Numerous examples are available in books. But, unfortunately, those numerous examples as a rule do not say how to write a secured web service. I used to see code examples where username and password were sent into each business method of a web service. It definitely works but I would recommend to separate security logic from business logic. To accomplish this you should incorporate and send username/password in a SOAP header. This will give you an ability to write your own authentication module that will be independent from business logic. As a result, your web service will be more flexible and reliable and you can change or add business methods without changing security logic.

Web service

First, define a class to encapsulate login information:

public class LoginDetails : SoapHeader

{

public string Username;  
public string Password;  

}

To use the header in a Web service method, declare a public variable of the header type.  Then, add attribute referencing the header class:

 public class MyService : WebService

{

 public LoginDetais loginDetais;

 [WebMethod]
 [SoapHeader("loginDetails ", Direction=SoapHeaderDirection.In)]
 public string GetData()
 {

bool  isAuthenticated= mySecurityManager.Authenticate(loginDetais.Username, loginDetais.Password);

 }

}


However in this case login information is sent as text and is not protected and you should either encrypt Username/ Password or use SSL connection.

Client

Now let’s see an example of consuming the web service. A client sets the header for the proxy class prior to method call that requires it, as shown in the example:

MyService service = new MyService ();
LoginDetais myHeader = new LoginDetais ();
myHeader.Username = "Test";
myHeader.Password = "123456789";
service.LoginDetais = myHeader;
string result =service.GetData();

As you can see using custom header is very easy in .NET Web services.
Pages: 



 
  Sponsors

 
 
      Web Development by AITOC Company Copyright © 2009 iNET Interactive. All rights reserved.    Privacy  Terms  Advertise