Using SOAP Header to Authenticate a Web Service Consumer

In this Article we are going to use SOAP Header to authenticate the WebService users.


Description

In this Article we are going to use SOAP Header to authenticate the WebService users. Let's consider a WebService that allows consumers to get the order details based on order ID (which they placed from the web). This article based on RC1 version. To call this webservice client will passes RagavanID through SOAP Header. This RagavanID will validated inside the WebMehtod when clients Invokes it.

First we will create the class name called UserAuthInfo this class must Inherits from SoapHeader class.

public class UserAuthInfo: SoapHeader
{
public int RagavanID ;
}

Here int variable RagavanID is used for to check the valid WebSerivce Consumer.

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols ;
using System.Data.SqlClient;
namespace Ragavan
{
public class UserAuthInfo: SoapHeader
{
public int RagavanID ;
}
/// <summary>
/// This webservice will get Order details based on Order ID .
/// </summary>
public class Service1 : System.Web.Services.WebService
{
//Creating Instance of UserAuthInfo
public UserAuthInfo MyHeaderValue;
public Service1()
{
//CODEGEN: This call is required by the ASP.NET Web Services Designer
InitializeComponent();
}
#region Component Designer generated code
//Required by the Web Services Designer
private IContainer components = null;
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
}
/// <summary>
/// Clean up any resources being used.
/// </summary>
protected override void Dispose( bool disposing )
{
if(disposing && components != null)
{
components.Dispose();
}
base.Dispose(disposing);
}
#endregion
// In this WebMethod I am reading SoapHeader values and
// assigning to ID, after that I am checking the
//RagavanID==2323 if it is true is a valid WebSerivce user.
//otherwise he can not invoke this method.
[WebMethod(),SoapHeader("MyHeaderValue")]
public System.Data.DataSet GetOrders(int OId)
{
int ID=MyHeaderValue.RagavanID;
DataSet ds =
new DataSet();
if (ID==2323)
{
string sConnString ="user id="sa";password="sa";database=northwind;server=localhost";
string sSQL ="Select * from Orders where OrderID="+OId;
SqlConnection oConn =
new SqlConnection(sConnString);
oConn.Open();
SqlDataAdapter da=
new SqlDataAdapter(sSQL,oConn);
da.Fill(ds,"Ragavan");
}
return ds;
}
}
}

Client calling a web Service passing RagavanID

using System;
using System.Data ;
using System.Data.SqlClient;
using Ragavan;
namespace SreeniSharp
{
/// <summary>
/// This Implementation of Basic Database Operations in C#
/// </summary>
class Class1
{
/// <summary>
/// Class Implementations
/// </summary>
[STAThread]
static void Main(string[] args)
{
//Creating Instance of WebService
Ragavan.Service1 ws = new Ragavan.Service1();
//Creating Instance of UserAuthInfo class
UserAuthInfo oAut= new UserAuthInfo();
//Assigning the RagavanID which is passed through //SOAP header
oAut.RagavanID =2323;
ws.MyHeaderValue =oAut;
DataSet ds =
new DataSet();
ds =ws.GetOrders(10248);
Console.Write(ds.GetXml()) ;
Console.Read();
}
}
}

Output with Correct ID