WebService Headers Authentication

Question

Exactly now, I got my webservice authentication, but i\'ve done this calling a method inside WebMethod, like this:

[WebMethod]
[SoapHeader(\"LoginSoapHeader\")]
         


        

Answer 1

The requirement is the web service client has to provide with username and password while accessing the web methods.

We're going to achieve this using custom soap headers not the http headers

The .NET framework lets you create custom SOAP headers by deriving from the SoapHeader class, so we wanted to add a username and password

using System.Web.Services.Protocols;

public class AuthHeader : SoapHeader
{
 public string Username;
 public string Password;
}

To force the use of our new SOAP Header we have to add the following attribute to the method

[SoapHeader ("Authentication", Required=true)]

Include the class name in .cs

public AuthHeader Authentication;


[SoapHeader ("Authentication", Required=true)]
[WebMethod (Description="WebMethod authentication testing")]
public string SensitiveData()
{

//Do our authentication
//this can be via a database or whatever
if(Authentication.Username == "userName" && 
            Authentication.Password == "pwd")
{
   //Do your thing
   return "";

}
else{
   //if authentication fails
   return null;
 }            
}

we authenticate using the soap:Header element in a SOAP request,don't misunderstand the HTTP headers sent with the request. The SOAP request looks something like:

 
 
 
   
     string
     string