Introduction:
I had recently worked on a smart client application which uses the web service to check for the data update. Since we had used web service method to check for data update from the centralized database, the web method request has to be authenticated whether it is sent from a valid user. So the simple way I found was to authenticate the Web Service using SOAP Headers.
Overview:
This article is intended to provide an overview of the steps involved in authenticating a Web Service using SOAP Headers. The article is primarily for those who are new to Web Service and Web Service Authentication.
Step 1: Create a Web Service
Create a new Web Service Application project with name set as WebServer.
Place the below given code.
using System;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
public class Service : System.Web.Services.WebService
{
public Service () {
//Uncomment the following line if using designed components
//InitializeComponent();
}
public AuthHeader SoapAuthentication;
[SoapHeader("SoapAuthentication",Required=true)]//
[WebMethod(Description = "A sample Web Method to demonstrate a simple web Service Authentication using SOAP Headers")]
public string SampleWebMethod()
{
if (SoapAuthentication.Username == "demo" && SoapAuthentication.Password == "123")
{
return SoapAuthentication.Username + " is an Authenticated User to access the Web Method";
}
else
{
return "Access Denied for " + SoapAuthentication.Username;
}
}
}
public class AuthHeader : SoapHeader
{
public string Username;
public string Password;
}
In the above given code we have created a web method (SampleWebMethod) which uses the SOAP header for authentication (ie)SOAP Header will validate whether the request is coming from a valid client or not and a class AuthHeader is derived from the SoapHeader class
Using the SOAP header SoapAuthentication, User credentials are checked for authentication. If the credentials are valid, then the authenticated message is returned to the client. If not, then an Access Denied for the user message is returned to the client.
Now run the WebServer.
Step 2: Create a Client Application
Create a new web application with name set as WebClient. Add a button control, two text box controls and a label control.
Right click the project and select Add Web Reference
Type the url of the Web Service we created in step 1. Example:http://localhost:1999/WebServer/Service.asmx. Set the name as webreference.Click the Add Reference button. Now place the below given code inside the button click event.
webreference.AuthHeader objAuth = new webreference.AuthHeader();
objAuth.Username = usertxt.Text;
objAuth.Password = passtxt.Text;
webreference.Service objService = new webreference.Service();
objService.AuthHeaderValue = objAuth;
string str = objService.SampleWebMethod();
resultlbl.Text = str;
usertxt.Text = "";
In the above given code we have created an object objAuth for the AuthHeader class in the WebServer using the webreference namespace. We assign values to the objAuth (AuthHeader object) property ie:Username and Password.Then we create an object objService for Service class which contains the Web Method. The object objAuth in assigned to objService property (AuthHeaderValue).At last we call the Web Method (SampleWebMethod) using the objService.
Step 3:
Now run the WebClient application.
The Output screen similar to the fig given below is displayed.
Test the authentication with valid username and password ("demo" "123")
Test the authentication with invalid username and password.
Conclusion
In this article we have come across the steps involved in creating a Web Service Authentication using SOAP Headers. This is a simple sample application to make you understand about Web Service Authentication using SOAP Headers.
|
| Author: BhavanaZionFelix 26 Sep 2008 | Member Level: Silver Points : 2 |
Good article to understand about how authentication is provided in webservices.It provides the basic knowledge.In addition to this there are other secured methods that can be implemented in webservices.In real time the passing of userid and password in text format would challenge the security issues over network.Hence it is suggested to implement the advanced level authentication in webservices.
|