Skip to main content

ASP.Net Services - Custom SOAP Headers


ASP.Net Services With Custom SOAP Headers 
Beginning here, I’ll not be discussing what web services are, WSDL, Disco Files etc, anyone can  easily get tons of data on these, from internet.

I am more concerned here about the Security aspect of Webservices.
If you are interested in exploring all the aspects of ASP.Net service security, here is the link

http://msdn.microsoft.com/en-us/library/w67h0dw7%28VS.80%29.aspx

Having said all this time, let’s start the real story.

SOAP: Simple Object Access Protocol (uses XML and HTTP)

The protocol contains SOAP packets that have following three components.
  1. SOAP Envelope: the container in which the actual data will be packaged.
  2. SOAP Header (Optional).
  3. SOAP Body (generally used for returning results)

A typical SOAP message looks like this 

 version="1.0" encoding="utf-8"?>
<soap: Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <Soap: Header>
  soap: Header>
  <Soap: Body>
   soap: Body>
soap:Envelope>


Steps to be followed:

1.Create a Custom SOAP Header
2.Tell Webservice method to use this header
3. Pass the Credentials to the Service proxy and invoke the methods

Create Custom SOAP Header:
Following are the steps needed to create the custom header
  1. Add  using System.Web.Services.Protocols(in case it is still not added)
  2. Create a Class, deriving it from SoapHeader Class
  3. Create logic in the file

    public class MyHeader : SoapHeader
    {
        //Add logic/code here
    }

This is all that is required for creating a custom  SOAP header.
 
Now let’s create a Service that’ll use this header .The Code itself is o documented that it conforms to the article.


using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Services;
//Included for SOAPHeader
using System.Web.Services.Protocols;
using System.Xml.Linq;
using config = System.Configuration.ConfigurationManager;

namespace SoapWebServices
{
 

    ///
    /// This is SOAP Header Based Service requiring Username and Password
    ///
    [WebService(Namespace = "http://tempuri.org/")]
    [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
    [ToolboxItem(false)]
   [System.Web.Script.Services.ScriptService]
    public class Service1 : System.Web.Services.WebService
    {
       
        //Create Refrence toCustomer SOAP Header
        public MyHeader header;

        [WebMethod]
        //Tell the method to use custom header
        [SoapHeader("header", Required = true, Direction = SoapHeaderDirection.InOut)]
        public string Authenticate()
        {
           
                //Extract the information from SOAP Header and perform Authentication
            if (string.Compare(header.UserName, config.AppSettings["uname"]) == 0) //enter into it only if uname matches the stored value
            {
                if (string.Compare(header.Password, config.AppSettings["pwd"]) == 0) { }
                return "Log-in SuccessFul";
            }
            else return "Enter Valid CredentialsSupplied Credentials are InCorrect!!";
          
        }

       
    }
    //Custom Soap Header
    public class MyHeader : SoapHeader
    {
        public string UserName;
        public string Password;
    }
}



Let’s Create a Web App, Add reference to the service  and call it  as follows:

public partial class _Default : System.Web.UI.Page
    {
        //Create Proxy
        localhost.Service1 proxy = new SoapServiceClient.localhost.Service1();

        protected void Page_Load(object sender, EventArgs e)
        {
            //Check if the Custom SOAPHeader object is NULL
            if (proxy.MyHeaderValue == null)
            {
                proxy.MyHeaderValue = new SoapServiceClient.localhost.MyHeader();

            }
            callService();
        }

        private void callService()
        {
            //PAss the Credetials to SOAPHeader
            proxy.MyHeaderValue.UserName = "pradeep1";
            proxy.MyHeaderValue.Password = "pa55w0rd";
            //Call the  Service Method
            Response.Write(proxy.Authenticate());
        }

       
    }


This was a quick overview of implementing security in WebServices.

Hope this was Helpful.

Til Next Time…Happy Coding.

Comments

Post a Comment

Popular posts from this blog

Asp.Net 4.0: An Overview-Part-III

This is the last post in the series which will explore the following new features of ASP.Net 4.0  Performance Monitoring for Individual Applications in a Single Worker Process Web.config File Refactoring Permanently Redirecting a Page Expanding the Range of Allowable URLs Performance Monitoring for Individual Applications in a Single Worker Process It is a common practice to host multiple ASP.NET applications in a single worker process, In order to increase the number of Web sites that can be hosted on a single server. This practice results in difficulties for server administrators to identify an individual application that is experiencing problems. ASP.NET 4 introduces new resource-monitoring functionality introduced by the CLR. To enable this functionality, following XML configuration snippet is added to the aspnet.config configuration file.(This file is located in the directory where the .NET Framework is installed ) <?xml version="1.0" encoding="UTF-8...
Post a Comment
Read more

Covariance and Contravariance-General Discussion

If you have just started the exploration of .Net Framework 4.0, two terms namely Covariance and Contravariance might have been heard. The concept that these terms encapsulate are used by most developer almost daily, however there has never been any botheration about the terminologies. Now, what actually these terms mean and how are these going to affect us as a developer, if we dive in to the details. The simple answer is it’s always good to know your tools before actually using them. Enough philosophy, let’s get to the business. Starting the discussion let me reiterate that in addition to Covariance and Contravariance, there is another terminology, Invariance. I’ll by start here by diving into the details of Invariance and then proceed further. Invariance: Invariance can be better understood by considering the types in .Net.>net has basically two type, value-types and reference-types. Value types (int, double etc) are invariant i.e. the types can’t be interchanged either ...
1 comment
Read more

Advanced WCF

In this post, I am sharing the link of articles about  advanced topics in WCF. The List of articles is exhaustive and can serve as your repository for all WCF queries. Concurrency,Throttling & Callbacks  WCF Concurrency (Single, Multiple and Re entrant) and Throttling   WCF-Interop and BinarySecurityToken  WCF Callbacks  Creating Web Services From WSDL Link1 Link2 Link3 Link4 WCF-Security WCF over HTTPS   Transport Security(basic)/HTTPS UserNamePasswordValidator ServerCertificateValidationCallback 9 simple steps to enable X.509 certificates on WCF - CodeProject http://www.codeproject.com/KB/WCF/9StepsWCF.aspx?display=Print Message Security(Certificate)/PeerTrust Securing WCF Services with Certificates. - CodeProject http://www.codeproject.com/KB/WCF/wcf_certificates.aspx Message Security(Certificate)/ChainTrust How To Configure WCF Security Using Only X.509 Certificates - CodePr...
Post a Comment
Read more