8

Exactly now, I got my webservice authentication, but i've done this calling a method inside WebMethod, like this:

[WebMethod]
[SoapHeader("LoginSoapHeader")]
public int findNumberByCPF(string cpf)
        {
            try
            {
                LoginAuthentication();
                var retRamal = DadosSmp_Manager.RetornaRamalPorCPF(cpf);
                var searchContent= String.Format("CPF[{0}]", cpf);
                DadosSmp_Manager.insertCallHistory(retRamal, searchContent);

                return retRamal.Ramal;
            }
            catch (Exception ex)
            {
                Log.InsertQueueLog(Log.LogType.Error, ex);
                throw getException(ex.TargetSite.Name, cpf);
            }
        }

I want now to authenticate this WebMethod without call the "LoginAuthentication()" method, only using the SOAP Header - SoapHeader("LoginSoapHeader") - that is above inside the code.

Then, my question is how can I authenticate my WebMethod only using headers?

Thanks in advance.

guisantogui
  • 4,017
  • 9
  • 49
  • 93
  • Is it *really needed* to use now old SOAP protocol? There are many alternatives which uses HTTP only. For example Web API which is slim, flexible and it allows easy implement different authentication scenarios (see [here](http://www.asp.net/web-api/overview/security)). – Oleg Aug 24 '13 at 09:35
  • Not is really needed, but I want to learn how to do this using SOAP. – guisantogui Aug 25 '13 at 17:45
  • In my opinion SOAP is dead. So I think that learning of SOAP close to the job of autopsist. Do you follow pure education goals or you have some problem which you try to implement using SOAP? – Oleg Aug 25 '13 at 17:51
  • I'm just following the process, then i must to do this using SOAP. – guisantogui Aug 26 '13 at 14:53

1 Answers1

19

The requirement is the web service client has to provide with username and password while accessing the web methods.

We're going to achieve this using custom soap headers not the http headers

The .NET framework lets you create custom SOAP headers by deriving from the SoapHeader class, so we wanted to add a username and password

using System.Web.Services.Protocols;

public class AuthHeader : SoapHeader
{
 public string Username;
 public string Password;
}

To force the use of our new SOAP Header we have to add the following attribute to the method

[SoapHeader ("Authentication", Required=true)]

Include the class name in .cs

public AuthHeader Authentication;


[SoapHeader ("Authentication", Required=true)]
[WebMethod (Description="WebMethod authentication testing")]
public string SensitiveData()
{

//Do our authentication
//this can be via a database or whatever
if(Authentication.Username == "userName" && 
            Authentication.Password == "pwd")
{
   //Do your thing
   return "";

}
else{
   //if authentication fails
   return null;
 }            
}

we authenticate using the soap:Header element in a SOAP request,don't misunderstand the HTTP headers sent with the request. The SOAP request looks something like:

 <?xml version="1.0" encoding="utf-8"?>
 <soap:Envelope  xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
 <soap:Header>
   <AUTHHEADER xmlns="http://tempuri.org/">
     <USERNAME>string</USERNAME>
     <PASSWORD>string</PASSWORD>
   </AUTHHEADER>
 </soap:Header>
   <soap:Body>
     <SENSITIVEDATA xmlns="http://tempuri.org/" />
   </soap:Body>
</soap:Envelope>
Durai Amuthan.H
  • 31,670
  • 10
  • 160
  • 241
  • 2
    If you are using Membership, use the following line to validate the user: Membership.ValidateUser(Authentication.Username, Authentication.Password) – Atron Seige Feb 18 '15 at 08:30
  • @AtronSeige - If you think my answer is useful ...you could upvote my answer so that the answer lookers will know the usability of the answer.Thanks – Durai Amuthan.H Mar 01 '15 at 11:15