Authenticate Web Service

In this example we will build a web service that authenticates userid and password from an a very simple MS Access database. This web service exposes only one method to the client. This method takes input username and password, checks the values in the table, and if found returns the remaining fields from the table.

Create a database schema as shown below


Begin creating a web service project on the VS development environment.


It creates a project under your webserver root folder http://localhost/AuthenticateService. This service creates a default file Service1.asmx. The .asmx extension is used to designate Web Services, while .aspx designates Web Forms, which could be used to access the Web Service.

Web service consists of methods that are exposed to the world via the [WebMethod] call before the function. Here is the example of the default Hello World method.

// The HelloWorld() example service returns the string Hello World
// To build, uncomment the following lines then save and build the project
// To test this web service, press F5
// [WebMethod]
// public string HelloWorld()
// {
// return "Hello World";
// }

For our database example add a database connection object in the Constructor

private OleDbConnection conn;
public Service1()
//CODEGEN: This call is required by the ASP.NET Web Services Designer
new OleDbConnection("PROVIDER=Microsoft.Jet.OLEDB.4.0;Data Source=C:\\DB1.MDB");

We will now add the new method that we wish to expose to the world . In this case the mentod takes the input (USERID and PASSWORD ) , authenticates the user and if found returns back the user information in XML format. 

[WebMethod(Description="Get Employee Info")]
public string GetUserInfo( string userId , string password )
string XMLFormat ;
string command = "select NAME , AGE , ADDRESS1 , ADDRESS2 ,
from CUSTOMER WHERE USERID = '" + userId + "' AND PASSWORD = '"
+ password + "'";
OleDbCommand cmd=
new OleDbCommand(command,conn);
OleDbDataReader rdr;
bool ret = rdr.Read();
if ( ret )
XMLFormat = "<DETAILS>\n";
XMLFormat += "<NAME>"+rdr.GetValue(0).ToString()+"</NAME>\n";
XMLFormat += "<AGE>"+rdr.GetValue(1).ToString()+"</AGE>\n";
XMLFormat += "<ADDRESS1>"+rdr.GetValue(2).ToString()+"</ADDRESS1>\n";
XMLFormat += "<ADDRESS2>"+rdr.GetValue(3).ToString()+"</ADDRESS2>\n";
XMLFormat += "<CITY>"+rdr.GetValue(4).ToString()+"</CITY>\n";
XMLFormat += "<STATE>"+rdr.GetValue(5).ToString()+"</STATE>\n";
XMLFormat += "<ZIP>"+rdr.GetValue(6).ToString()+"</ZIP>\n";
XMLFormat += "<TEL>"+rdr.GetValue(7).ToString()+"</TEL>\n";
XMLFormat += "<EMAIL>"+rdr.GetValue(8).ToString()+"</EMAIL>\n";
XMLFormat= "" ;
return XMLForat;

Its that simple. Compile the code and test the application( press the F5 Key to execute ) . When you execute the application , the system opens it in a web browser..


The Result is returned in an XML format.

Upto this point we have just created the service and tested that the service work without errors or it returns the data that we expect.

The overall purpose of creating a service is so that clients can access this service.

How do clients communicate with Web Services ? What do we have to do to expose these methods ?

Client at location A will use the Internet to execute remote function calls (RFC) on location B's Web server. The communication is done using the SOAP and HTTP protocol.

Executing methods on the B's Web servers can be a serious threat to security. I am sure that webmasters will not want that to happen , since we do not want anyone using our resources or damage our sensitive data, and furthermore use our bandwidth. Web Service applications are distributed applications, so we have to be concerned about the marshalling of data.

To fix this we need to we create "proxy object" to act on behalf of the original Web service.So every "Web only" method will be replicated at the proxy object. This protects us from exposing businness sensitive logic to un authorised users at location B. In a way what we are doing is a "synchronization of object data exchange" between Location A and B. This process is known as creating a "proxy object" at Location A.

Therefore our code at Location A will instruct the proxy object. Then the proxy object will associate with the Location B Web service and produce the results to users at Location A. How do we do this ?

There is a utility called WSDL.exe ( Located under C:\Program Files\Microsoft.NET\FrameworkSDK\Bin ). Make sure to add this path to the PATH environment variable. Use a DOS prompt window to execute this program. The syntax is
wsdl /namespace:AuthNameSpace http://localhost/AuthenticateService/Service1.asmx?wsdl /namespace : Assigns a new NameSpace to be used by client.


This command will create a Service1.cs ( C# ) file in your working folder. We need to now compile this cs file using the csc.exe program. csc.exe is the command line program to compile C# programs. Here is the syntax

csc /t:library /r:System.Web.Services.dll /out:bin/Authenticate.dll Service1.cs

/t : Indicated that we are building a library ( dll )

/reference: Reference metadata from the specified assembly files (Short form: /r)

/out : Name of the output file

This command will create a DLL file that we will use to link to out client applications ( windows / ) that will help us access the Web Service exposed methods. The DLL gets be copied into the bin directory.


With the 2 utilities wsdl.exe and csc.exe we have created a proxy object.

We are now ready to extract data from the Web Service. This proxy object will have the complete public interface for any business functions that we have exposed. Remember, we didn't even register the DLL. We just compiled the source code and stuck the DLL in the "bin" directory. This is sufficient to get access to the DLL by the Web server. You may be confused if you are not familiar with the deployment mechanisms in ASP.NET. We do not need to register a DLL in order to be recognized by the operating system. We just put it under the local "bin" directory and the .NET Framework will pick it up at run time.

Now that we have a service available , why dont we use it ?

Lets write a simple client that can make use of this web service.