5,693,062 members and growing! (19,143 online)
Email Password   helpLost your password?
Web Development » Web Services » General     Beginner License: The Code Project Open License (CPOL)

Authenticate .NET web service with custom SOAP Header

By Ahmed Shokr

How to authenticate .NET web service with custom SOAP Header
C# (C# 2.0, C#), Windows, .NET (.NET, .NET 2.0), ASP.NET, Dev

Posted: 29 Jun 2008
Updated: 29 Jun 2008
Views: 10,402
Bookmarked: 23 times
Announcements
Loading...



Search    
Advanced Search
Sitemap
14 votes for this Article.
Popularity: 4.58 Rating: 4.00 out of 5
1 vote, 7.1%
1
0 votes, 0.0%
2
2 votes, 14.3%
3
3 votes, 21.4%
4
8 votes, 57.1%
5
Note: This is an unedited contribution. If this article is inappropriate, needs attention or copies someone else's work without reference then please Report This Article

Introduction

Many of us want ot secure the calls to our web services, right?

There are so many ways to do this, one of them is to use custom SOAP header.

Using this method we simply add a required SOAP header to our web services calls.

We embed the SOAP header into our message and validate its contents on the server.

If the SOAP header validation done successfully, the web server sends the web service response to the consumer.

Pretty simple, right?

Using the code

Now let’s see how to do this in visual studio:

/// 
/// Summary description for SOAPHeaderService
/// 
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(Name = "TestService",ConformsTo = WsiProfiles.BasicProfile1_1)]
public class SOAPHeaderService : System.Web.Services.WebService
{
    public SOAPHeaderService()
    {
        //Uncomment the following line if using designed components 
        //InitializeComponent(); 
    }

Notice that the “WebServiceBinding” attribute has the “Name” argument set to “TestService”, I’ll explain this later.

Now, I write the custom SOAP header that I want to include in the SOAP message.
To do this I’ll create a class inherited from “System.Web.Services.Protocols.SoapHeader” , and I’ll but the required properties in it.

public class UserCredentials : System.Web.Services.Protocols.SoapHeader
{
    public string userName;
    public string password;
}

Let’s add instance from that header in our service:

public class SOAPHeaderService : System.Web.Services.WebService
{
    // Visual studio will append a "UserCredentialsValue" property to the proxy class
    public UserCredentials consumer;

Note that the visual studio will create a property in web service proxy called “UserCredentialsValue” which will map the “consumer” public property in the web service.

Now we had to write a “Web Method” that uses that header in messaging.

[WebMethod]
    [SoapDocumentMethod(Binding = "TestService")]
    [SoapHeader("consumer",Required=true)]
    public string GetBalance()
    {
        if (checkConsumer())
            return consumer.userName + " had 10000000 credit";
        else
            return "Error in authentication";
    }

    private bool checkConsumer()
    {
        // In this method you can check the username and password 
        // with your database or something
        // You could also encrypt the password for more security
        if (consumer != null)
        {
            if (consumer.userName == "Ahmed" && consumer.password == "1234")
                return true;
            else
                return false;
        }
        else
            return false;
    }

Note that I have added the “Binding” value to that I had used in declaring my service.

Also I declared the SOAP header that method will require when called, as long as declaring it with required.

Now, the only thing is remaining is to call the service with the SOAP header:

SOAPHeaderService.SOAPHeaderService service = new SOAPHeaderService.SOAPHeaderService();
SOAPHeaderService.UserCredentials user = new SOAPHeaderService.UserCredentials();

  user.userName = "Ahmed";
  user.password = "1234";

 service.UserCredentialsValue = user;

 Console.WriteLine(service.GetBalance());

We just get reference to the service and the SOAP header, assign the SOAP header properties, attach it with the SOAP message and then make our call to the web method.

This is the console result after calling the service with username = “Ahmed” and password = “1234”

Right.JPG

This one with other data:

error.JPG

Points of Interest

Securing their web services is a thing that many developers ignore while they are working; they relay that on that is a difficult and nasty task.

In the fact securing web service is all about understand the messaging layer and the protocols, you just need to go a little more deep and then you will find it is a very simple task.

I’ll post ISA about the other techniques to secure web services.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

Ahmed Shokr


I'm working as .NET Team Leader in Safat Enterprise Solutions in Kuwait city.
I'm working in the MOSS team, we use MOSS 2007, ASP.NET 3.0 and others.
I like working in web applications and playing with Microsoft servers Smile.
Occupation: Team Leader
Company: Safat Enterprise Solutions
Location: Kuwait Kuwait

Other popular Web Services articles:

Article Top
Sign Up to vote for this article
You must Sign In to use this message board.
FAQ FAQ Noise ToleranceSearch Search Messages 
 Layout  Per page   
 Msgs 1 to 13 of 13 (Total in Forum: 13) (Refresh)FirstPrevNext
QuestionInserting a single node custom SOAP Header in auto generated Proxy services.memberselvasenthil11:05 10 Sep '08  
Generalinteroperability Issues [modified]membermtbbiker10:00 18 Aug '08  
QuestionAdvantages for using custom soap headersmembervchauhan_me20:10 10 Aug '08  
AnswerRe: Advantages for using custom soap headersmemberAhmed Shokr23:45 10 Aug '08  
GeneralRe: Advantages for using custom soap headersmembervchauhan_me0:01 11 Aug '08  
Generalشغل حلوmemberBuaziz22:20 7 Jul '08  
GeneralRe: شغل حلوmemberAhmed Shokr13:24 9 Jul '08  
GeneralCommentsmemberRavenet17:10 30 Jun '08  
GeneralRe: CommentsmemberAhmed Shokr19:49 30 Jun '08  
GeneralRe: CommentsmemberRavenet20:35 30 Jun '08  
QuestionGRIDVIEW OperationsmemberPradeep Kulkarni6:32 30 Jun '08  
AnswerRe: GRIDVIEW OperationsmemberAhmed Shokr22:17 30 Jun '08  
GeneralUsing Spring.NET and AOPmembermrxl5:14 30 Jun '08  

General General    News News    Question Question    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

PermaLink | Privacy | Terms of Use
Last Updated: 29 Jun 2008
Editor:
Copyright 2008 by Ahmed Shokr
Everything else Copyright © CodeProject, 1999-2008
Web10 | Advertise on the Code Project