Click here to Skip to main content
15,868,016 members
Articles / Web Development / ASP.NET

Authenticate .NET Web Service with Custom SOAP Header

Rate me:
Please Sign up or sign in to vote.
4.32/5 (28 votes)
29 Jun 2008CPOL2 min read 276.7K   7.8K   91   25
How to authenticate .NET web service with custom SOAP Header

Introduction

Many of us want to secure the calls to our web services, right?

There are so many ways to do this, one of them is to use custom SOAP header.

Using this method we simply add a required SOAP header to our web services calls.

We embed the SOAP header into our message and validate its contents on the server.

If the SOAP header validation done successfully, the web server sends the web service response to the consumer.

Pretty simple, right?

Using the Code

Now let’s see how to do this in visual studio:

C#
/// <summary>
/// Summary description for SOAPHeaderService
/// </summary>
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(Name = "TestService",ConformsTo = WsiProfiles.BasicProfile1_1)]
public class SOAPHeaderService : System.Web.Services.WebService
{
    public SOAPHeaderService()
    {
        //Uncomment the following line if using designed components 
        //InitializeComponent(); 
    }

Notice that the “WebService<code>Binding” attribute has the “Name” argument set to “TestService”, I’ll explain this later.

Now, I write the custom SOAP header that I want to include in the SOAP message.
To do this I’ll create a class inherited from “System.Web.Services.Protocols.SoapHeader” , and I’ll but the required properties in it.

C#
public class UserCredentials : System.Web.Services.Protocols.SoapHeader
{
    public string userName;
    public string password;
}

Let’s add instance from that header in our service:

C#
public class SOAPHeaderService : System.Web.Services.WebService
{
    // Visual studio will append a "UserCredentialsValue" property to the proxy class
    public UserCredentials consumer;

Note that the Visual Studio will create a property in web service proxy called “UserCredentialsValue” which will map the “consumerpublic property in the web service.

Now we had to write a “Web Method” that uses that header in messaging.

C#
[WebMethod]
    [SoapDocumentMethod(Binding = "TestService")]
    [SoapHeader("consumer",Required=true)]
    public string GetBalance()
    {
        if (checkConsumer())
            return consumer.userName + " had 10000000 credit";
        else
            return "Error in authentication";
    }

    private bool checkConsumer()
    {
        // In this method you can check the username and password 
        // with your database or something
        // You could also encrypt the password for more security
        if (consumer != null)
        {
            if (consumer.userName == "Ahmed" && consumer.password == "1234")
                return true;
            else
                return false;
        }
        else
            return false;
    }

Note that I have added the “Binding” value to that I had used in declaring my service.

Also I declared the SOAP header that method will require when called, as long as declaring it with required.

Now, the only thing is remaining is to call the service with the SOAP header:

C#
SOAPHeaderService.SOAPHeaderService service = new SOAPHeaderService.SOAPHeaderService();
SOAPHeaderService.UserCredentials user = new SOAPHeaderService.UserCredentials();

  user.userName = "Ahmed";
  user.password = "1234";

 service.UserCredentialsValue = user;

 Console.WriteLine(service.GetBalance());

We just get reference to the service and the SOAP header, assign the SOAP header properties, attach it with the SOAP message and then make our call to the web method.

This is the console result after calling the service with username = “Ahmed” and password = “1234

Right.JPG

This one with other data:

error.JPG

Points of Interest

Securing their web services is a thing that many developers ignore while they are working; they relay that on that is a difficult and nasty task.

In the fact securing web service is all about understand the messaging layer and the protocols, you just need to go a little more deep and then you will find it is a very simple task.

I’ll post ISA about the other techniques to secure web services.

History

  • 30th June, 2008: Initial post

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Architect INC Technologies
Kuwait Kuwait
+7 years of experience in designing and implementing Microsoft Based Solutions.
+5 years of experience in SharePoint implementations from MCMS 2002 to the latest version.
+3 years of experience as presales and technology advisory.
Strong analytic, design and client facing skills.
Strong record in consultation and presales with associated Gulf business understanding and market analysis.
Worked closely with Microsoft Kuwait & Qatar Offices SSPs, PTAs, PAMs and SAMs.
Extensive experience in BizTalk Server 2009, SSAS, PerformancePoint Services and Excel Services.
Active member in the Virtual Technology Specialist and Customer Immersion Experience programs.
Strong record in team leading and projects supervision.

Comments and Discussions

 
Questionlooks like very obsolete in 2019, there's an update of this? Pin
Member 1453240218-Jul-19 6:11
Member 1453240218-Jul-19 6:11 
PraiseVery well explained Pin
Tanveer Qasim17-Feb-19 20:21
Tanveer Qasim17-Feb-19 20:21 
QuestionvERY gOOD Pin
Member 47447520-May-16 6:36
Member 47447520-May-16 6:36 
Questionuseful Pin
Oscarw22-Apr-14 4:33
Oscarw22-Apr-14 4:33 
Thanks, It was very helpful
QuestionThis is driving me nuts. Pin
Codes With Wolves2-Apr-14 4:22
Codes With Wolves2-Apr-14 4:22 
QuestionWeb services in PowerBuilder Pin
deise_3020-Feb-13 7:01
deise_3020-Feb-13 7:01 
Questionhow to add soap headers to the xml generated from webservice Pin
anandsurya13-Apr-12 3:33
anandsurya13-Apr-12 3:33 
Questionsoap headers are not added Pin
anandsurya13-Apr-12 3:28
anandsurya13-Apr-12 3:28 
QuestionMyVote of 4 Pin
Alireza_136212-Apr-12 2:05
Alireza_136212-Apr-12 2:05 
GeneralMy vote of 3 Pin
Abdul Quadir Saifee11-Oct-10 9:18
Abdul Quadir Saifee11-Oct-10 9:18 
GeneralMy vote of 3 Pin
muhammadsaad1-Jul-10 7:51
muhammadsaad1-Jul-10 7:51 
QuestionAuthentication Vb.net web service client and PHP nusoap web service Server. Pin
nik0072612-Nov-09 22:33
nik0072612-Nov-09 22:33 
QuestionInserting a single node custom SOAP Header in auto generated Proxy services. Pin
selvasenthil10-Sep-08 10:05
selvasenthil10-Sep-08 10:05 
Generalinteroperability Issues [modified] Pin
mtbbiker18-Aug-08 9:00
mtbbiker18-Aug-08 9:00 
QuestionAdvantages for using custom soap headers Pin
vchauhan_me10-Aug-08 19:10
vchauhan_me10-Aug-08 19:10 
AnswerRe: Advantages for using custom soap headers Pin
Ahmed Shokr10-Aug-08 22:45
Ahmed Shokr10-Aug-08 22:45 
GeneralRe: Advantages for using custom soap headers Pin
vchauhan_me10-Aug-08 23:01
vchauhan_me10-Aug-08 23:01 
Generalشغل حلو Pin
Buaziz7-Jul-08 21:20
Buaziz7-Jul-08 21:20 
GeneralRe: شغل حلو Pin
Ahmed Shokr9-Jul-08 12:24
Ahmed Shokr9-Jul-08 12:24 
GeneralComments Pin
Ravenet30-Jun-08 16:10
Ravenet30-Jun-08 16:10 
GeneralRe: Comments Pin
Ahmed Shokr30-Jun-08 18:49
Ahmed Shokr30-Jun-08 18:49 
GeneralRe: Comments Pin
Ravenet30-Jun-08 19:35
Ravenet30-Jun-08 19:35 
QuestionGRIDVIEW Operations Pin
Pradeep Kulkarni30-Jun-08 5:32
Pradeep Kulkarni30-Jun-08 5:32 
AnswerRe: GRIDVIEW Operations Pin
Ahmed Shokr30-Jun-08 21:17
Ahmed Shokr30-Jun-08 21:17 
GeneralUsing Spring.NET and AOP Pin
mrxl30-Jun-08 4:14
mrxl30-Jun-08 4:14 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.