C# Tutorials and offshore development in India
    Tutorials   Resources   Forum   Reviews   Communities   Interview   Jobs   Projects   Training   Your Ad Here    
Silverlight Games | Mentor | Code Converter | Articles | Code Factory | Computer Jokes | Members | Peer Appraisal | IT Companies | Bookmarks | Polls | Revenue Sharing | Lobby | Gift Shop |


Prizes & Awards
My Profile



Active Members
TodayLast 7 Days more...




Forums » .NET » Webservices »

Security for webservices


Posted Date: 04 Sep 2008      Posted By: Kiran      Member Level: Gold     Points: 1   Responses: 3



Hai,

I am passing Uname and password to my webmethods in my webservice for security reasons. I am validating the user using these credentials. But this validation process will happen whenever a webmethod is executed. How can i restrict this. If one webmethod is executed, then the user credentials have to be verified for first time. If second webmethod also need to be executed, this time credentials need not to be validated.

Any one please help me out from this.




Responses
Author: avtar    04 Sep 2008Member Level: GoldRating:     Points: -20

best suggestion ..use SOAP Headers inherit SoapHeader in ur class

Wht it does is On everycall of webservice method it will chekc for authentication ( a common method to authenticate all calls to webmethods)

look at this code :)

Please see the ValidationSoapHeader class defined below:

using System;

using System.Data;

using System.Configuration;

using System.Web;

using System.Web.Security;

using System.Web.UI;

using System.Web.UI.WebControls;

using System.Web.UI.WebControls.WebParts;

using System.Web.UI.HtmlControls;

using System.Web.Services.Protocols;



/// <summary>

/// Summary description for ePhoneCredentials

/// </summary>

public class ValidationSoapHeader : SoapHeader

{

private string _devToken;

public ValidationSoapHeader()

{
}

public ValidationSoapHeader(string devToken)

{

this._devToken = devToken;

}

public string DevToken

{

get { return this._devToken; }

set { this._devToken = value; }

}

}

As for the client side. I created a simple console application and added the web service as a reference in the project.

localhost.ValidationSoapHeader header = new ConsoleMyCsharpClient.localhost.ValidationSoapHeader();

header.DevToken = "12345";

localhost.Service ws = new ConsoleMyCsharpClient.localhost.Service();

ws.ValidationSoapHeaderValue = header;

Console.WriteLine(ws.HelloWorld());
Console.ReadLine();

You see the instantiation of the header and I assign the DevToken. If I had not passed in a header or passed in the wrong value we would receive an "Authentication Failed" exception.


Author: Ravi     04 Sep 2008Member Level: SilverRating: 2 out of 52 out of 5     Points: 2

Hi,
I guess you want authentication should be done for fist time not for every method. In this case you have to check Isauthenticate function in constructor. You can use soapheader for sending credentials and check in IsAuthenticate method.

Regards,
Ravi


Author: avtar    04 Sep 2008Member Level: GoldRating: 1 out of 5     Points: 1

Ravi .. its a stateless appln and its just fire and forget so where u store the state Isauthenticated ? how u do tht ?


Post Reply

 This thread is locked for new responses. Please post your comments and questions as a separate thread.
If required, refer to the URL of this page in your new post.
Next : Ho 2 pass dataset to Webservice
Previous : Free software tutorials for commercial purpose
Return to Discussion Forum
Post New Message
Category: Webservices

Related Messages


dotNet Slackers

About Us    Contact Us    Privacy Policy    Terms Of Use