Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / February 2007

Tip: Looking for answers? Try searching our database.

Can Web Service modify SOAP Header parameters?

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
mojeza - 06 Feb 2007 15:30 GMT
I built a test web service project in VS2005 (vb) and I'm tring to
find if web service can modify SOAP Header variables and return them
to the client. My Web Service look like this:

Public Class MyHeader
 Inherits SoapHeader

 Public Username as String
 Public Password As String
 Public Token As String
End Class

Public Class Service
 Inherits System.Web.Services.WebService
 Public myHeadermemberVariables As MyHeader

 <WebMethod(Description:="Returns dataset", EnableSession:=true),
SoapHeader("myHeaderMemberVariable")>_
 Public Function GetData(ByVal sQuery As String, ByRef i As Int64,
ByRef sSessionID As String) As DataSet
   If (myHeaderMemberVariable.Username ="abcd") And
(myHeaderMemberVariable.Password="1234") Then
     'code which get data from SQL Server and populate custDS dataset
     i = custDS.Tables("myData").Rows.Count
     sSession = Session.SessionID
     myHeaderMemberVariable.Token = Session.SessionID.ToString
     Return custDS
   Else
     i = 0
     sSession = Session.SessionID
     myHeaderMemberVariable.Token = Session.SessionID.ToString
     Return Nothing
   End If
 End Function
End Class

All work fine, client is able to populate grid with received dataset
from this web service but SoapHeader Token variable as well as
sSession function parameter are both set to Nothing (they are not
populated with SessionID). My Problem is that I received very loose
specs to develop web service which will be working in the following
maner:
1. Client Login with Username & Password. Based on these information
user is authenticated and WS generates unique Token which is persisted
in SQL Server database and then send back to client.
2. Client uses this token every time client process calls WS
functions.
3. WS authorized client request base on last token, perform request
and generates a new token which is then return to the client in SOAP
header.
4. This process is repeated on every client request till client issue
Logout request.

I thought that most logical place to have tokens located is a SOAP
header, this would seperate authentication/authorization data from
each function parameter list and return variable. I wonder if anybody
tried something like this and would like to share some inside on
implementation of this concept. Any help and comments are greatly
apreciated.

Thanks a lot.
Reply to this Message
WishMaster - 07 Feb 2007 10:03 GMT
> I built a test web service project in VS2005 (vb) and I'm tring to
> find if web service can modify SOAP Header variables and return them
[quoted text clipped - 57 lines]
>
> Thanks a lot.

Hi Mojeza,

You have to understand to patterns for Web Service Security and then
it will be a piece of cake!!!

Here is the stuff...

In the code you are trying to implement Direct Authentication pattern
(kind of). Meaning, Client and Web Service both knows each other and
own the credentials as well as username and password. According to
your requirements you want to have SSO (Single Sign On) and so on,
which is not recommend for Direct Authentication pattern.

You should follow Brokered Authentication pattern, which specifically
developed for the requirements, like you have.
There are three Brokered Authentication patterns:
1) Kerberos
2) X.509
3) STS - Security Token Service

Now it looks very complicated, isn't? Well it will be very simple if
you just spend 4-5 hours of reading on this book, which is Free
downloadable from Microsoft site
http://www.microsoft.com/downloads/details.aspx?familyid=3e02a6c8-128a-47c2-9f39
-4082582f3fe1&displaylang=en

I would suggest reading at least chapter #1 and #3 and Part II,
depending on your interest.

Good luck!

Cheers,
Amer
Reply to this Message
mojeza - 07 Feb 2007 14:03 GMT
> Hi Mojeza,
>
[quoted text clipped - 27 lines]
> Cheers,
> Amer

Hi Amer,

I downloaded this pdf book and will read it.

Thank you very much.
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.