Post
Ask Question

Web Service in ASP.Net (Security by SOAP Authentication): Part 5

Before reading this article, I highly recommend reading the previous parts:

If we want to secure our web method from an unauthenticated client request then there are many ways to do this but there is also a way to create a web service and create all the web methods for Authentication first so we can do that with a custom SOAP header.

We embed the SOAP header into our message and validate its contents on the server.

If the SOAP header validates successfully then the web server sends the web service response to the client application.

We need to use [SoapHeader] on every [WebMethod] and for this attribute we must use a namespace “using System.Web.Services.Protocols;”.

So let's have an example.

Step 1

Open Visual Studio then select File -> New -> Web site.

Web site

Step 2

Add a Web Service File to the web site.

web service

Provide the name to the Web Service File that will add a .asmx file to the web site project.

web site project

Then delete the existing class file that is provided by the web service template.

web service templet

And add a new Class File to create [WebMethod] and [WebService].

add new Class

With a specified class name.

specified Class name

Step 3

Now use the namespace first that is required.

use the namespace

And create any Test [WebMethod].

WebMethod

Step 4

Now edit and set the CodeBehind and class the property in the .asmx file with the name of the web service class.

CodeBehind

Step 5

Now right-click on your Web Service (.asmx) file and view in it in a browser to test [WebMethod].

right click on your web Service

Then you will see the name of your web methods list on the page like.

web methods list

Click the name of Method to test.

Method to test

Enter the UserName Parameter's value like “Nitin Pandit”. Now click on the Invoke button to see the result of your web method.

UserName Parameter

Then the result will show on the page in XML format.

Step 6

The methods are working perfectly but I need to define the Authentication before calling every [WebMethod].

So add a class file to create user credentials.

add a class file

I added a class to my web service with UserDetails and I also declared the IsValid() function that returns a bool value after checking that the user details are vailed for login or not to be authenticated.

authentication

Code

  1. using System;  
  2. using System.Collections.Generic;  
  3. using System.Linq;  
  4. using System.Web;  
  5.   
  6. public class UserDetails : System.Web.Services.Protocols.SoapHeader  
  7. {  
  8.     public string userName { getset; }  
  9.     public string password { getset; }  
  10.    
  11.       
  12.     public bool IsValid()  
  13.     {  
  14.         //Write the logic to Check the User Details From DataBase  
  15.         //i can chek with some hardcode details UserName=Nitin and Password=Pandit  
  16.         return this.userName == "Nitin" && this.password == "Pandit";  
  17.         //it'll check the details and will return true or false   
  18.     }  
  19. }  
Step 7

Now use this class UserDetails on [SoapHeader] to authentication before checking the method calling.

Class UserDetails

Code
  1. using System;  
  2. using System.Collections.Generic;  
  3. using System.Linq;  
  4. using System.Web;  
  5. using System.Web.Services;  
  6. using System.Web.Services.Protocols;  
  7.   
  8. [WebService]  
  9. public class MyServiceClass  
  10. {  
  11.     public UserDetails User;  
  12.     [WebMethod]  
  13.     [SoapHeader("User", Required = true)]  
  14.     public string SayHello(string userName)  
  15.     {  
  16.         if (User != null)  
  17.         {  
  18.             if (User.IsValid())  
  19.                 return string.Format("Hello...{0} {1} ☺ ", userName,  
  20.                     DateTime.Now.ToString("tt") == "AM" ? " good morning " : " good evening ");  
  21.             else  
  22.                 return "Error in authentication";  
  23.         }  
  24.         else  
  25.         {  
  26.             return "Error in authentication";  
  27.         }  
  28.     }  
  29. }  
Step 8

Now build the Web Service and view it in the browser again and click on the web method name and pass the parameter value.

build Web service

Click on Invoke.

The output will be “Error in authentication” because we never assign the UserDetails class object before calling the WebMethod. That's why the server returns an Error Message from the WebMethod.

Step 9

Now create a web application or any other application to test this web method with SoapHeader attribute.

Right-click on the solution file and add a new web site.

add new web site

Then provide the name to the web application where you can't use this service.

web application

Step 10


add web service reference

Add a new Web Form and then create just 2 TextBoxes and a button to call and test the web service from the application.

textBox and button

Create a UI for the page.

Create UI

And write all the requirements.

all requirements

Step 11

Now at the last page run in the web browser.

Output

With the correct information I will call it and the output is Hello…Nitin evening ;)

run to the web browser

The result is returned and here is an error in authentication because of the wrong password so we can set the authentication for our Web Methods.

Thanks.
Nitin Pandit.


Similar Articles