0

I am working on a project where I need to make a call from .NET platform to non .NET Web service. I am making web service call using some methods where I can generate SOAP request to access web service. I made this communication using code given in code-projet site.http://www.codeproject.com/Articles/376168/Csharp-Dynamic-Web-Service-Invoker. I am able to communicate properly but I would like to make this communication more secure. Only reason to make web service dynamic is because it may reside on different locations.

My approach is to add secure token (some string) in a newly created header and add that header in outgoing SOAP request. And at receiving end (non .net platform), I will extract that value from header and verify against some algorithm and if things go fine, then only it will start rest of processes.

After researching couple of sites, I found that all the answers are for adding custom SOAP headers are pointing to direction where we use either WCF or Static web services. But here that is not the case. I just wrote simple plugin(Class) that makes this communication. I am calling web service after generating assembly reference after reading WSDL file from remote location.

I researched around 20-30 different forums to get answer to this question but none has the answer. Can someone help on this?

atp9
  • 890
  • 1
  • 11
  • 23

1 Answers1

2

Only reason to make web service dynamic is because it may reside on different locations.

You can set a WCF client's endpoint at runtime. When the services implement the same contract this'll work fine with native .NET instead of some (non-compiling or at least incomplete) code from the web, which is good because you're very unlikely to find support for the latter.

Let's take a look at your actual problem:

I would like to make this communication more secure

Then start at the service side. What framework is the service written in, does it support security in any way? It really depends on how you want to authenticate the caller, but "add secure token (some string) [...] and verify against some algorithm" does sound a little bit like reinventing the wheel.

WCF can work with almost any, if not every kind of SOAP and HTTP security, so configure your service, use a regular, configurable WCF client and set the endpoint to the right address at runtime.

CodeCaster
  • 147,647
  • 23
  • 218
  • 272
  • Ok. I am not using WCF web service in .net platform. I am using simple plug in which has code similar to this link : [link](http://stackoverflow.com/questions/18600761/creating-proxy-using-wsdl-programmatically-and-wsdl-parsing) Any idea, how to add headers using such program where things are getting populated dynamically? – atp9 Jan 01 '14 at 13:08
  • And yes, I also checked service side, and found that it has limited functionality. Service is written in InterSystem cahce. So need to figure out something at .net end. – atp9 Jan 01 '14 at 13:27
  • 1
    @tbp as I've been trying to explain in my answer: in order to extend code found on the web you'll have to understand what it's doing. This code apparently does what you need, but it's a way less optimal approach than the standard approach: create a service reference and change the endpoint at runtime. This is **the** way to go when only the endpoint changes between the various services. Not only because you have less code to maintain, but also because there are tons of answers on this site and the web in general on the term ["WCF client add header"](http://stackoverflow.com/questions/964433/). – CodeCaster Jan 01 '14 at 14:00
  • 1
    Well, I was thinking in complete different direction but thanks to you. I changed reference to static service reference and changed end point address on the fly (at Runtime). Also I am able to add custom soap headers using OperationContextScope class and it worked fine. Glad to have programmers who helps thinking in different direction. – atp9 Jan 07 '14 at 06:49