Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Web Services > Can Web Service modify SOAP Header parameters?

Reply
Thread Tools

Can Web Service modify SOAP Header parameters?

 
 
mojeza
Guest
Posts: n/a
 
      02-06-2007
I built a test web service project in VS2005 (vb) and I'm tring to
find if web service can modify SOAP Header variables and return them
to the client. My Web Service look like this:

Public Class MyHeader
Inherits SoapHeader

Public Username as String
Public Password As String
Public Token As String
End Class

Public Class Service
Inherits System.Web.Services.WebService
Public myHeadermemberVariables As MyHeader

<WebMethod(Description:="Returns dataset", EnableSession:=true),
SoapHeader("myHeaderMemberVariable")>_
Public Function GetData(ByVal sQuery As String, ByRef i As Int64,
ByRef sSessionID As String) As DataSet
If (myHeaderMemberVariable.Username ="abcd") And
(myHeaderMemberVariable.Password="1234") Then
'code which get data from SQL Server and populate custDS dataset
i = custDS.Tables("myData").Rows.Count
sSession = Session.SessionID
myHeaderMemberVariable.Token = Session.SessionID.ToString
Return custDS
Else
i = 0
sSession = Session.SessionID
myHeaderMemberVariable.Token = Session.SessionID.ToString
Return Nothing
End If
End Function
End Class

All work fine, client is able to populate grid with received dataset
from this web service but SoapHeader Token variable as well as
sSession function parameter are both set to Nothing (they are not
populated with SessionID). My Problem is that I received very loose
specs to develop web service which will be working in the following
maner:
1. Client Login with Username & Password. Based on these information
user is authenticated and WS generates unique Token which is persisted
in SQL Server database and then send back to client.
2. Client uses this token every time client process calls WS
functions.
3. WS authorized client request base on last token, perform request
and generates a new token which is then return to the client in SOAP
header.
4. This process is repeated on every client request till client issue
Logout request.

I thought that most logical place to have tokens located is a SOAP
header, this would seperate authentication/authorization data from
each function parameter list and return variable. I wonder if anybody
tried something like this and would like to share some inside on
implementation of this concept. Any help and comments are greatly
apreciated.

Thanks a lot.

 
Reply With Quote
 
 
 
 
WishMaster
Guest
Posts: n/a
 
      02-07-2007
On Feb 7, 2:30 am, "mojeza" <(E-Mail Removed)> wrote:
> I built a test web service project in VS2005 (vb) and I'm tring to
> find if web service can modify SOAP Header variables and return them
> to the client. My Web Service look like this:
>
> Public Class MyHeader
> Inherits SoapHeader
>
> Public Username as String
> Public Password As String
> Public Token As String
> End Class
>
> Public Class Service
> Inherits System.Web.Services.WebService
> Public myHeadermemberVariables As MyHeader
>
> <WebMethod(Description:="Returns dataset", EnableSession:=true),
> SoapHeader("myHeaderMemberVariable")>_
> Public Function GetData(ByVal sQuery As String, ByRef i As Int64,
> ByRef sSessionID As String) As DataSet
> If (myHeaderMemberVariable.Username ="abcd") And
> (myHeaderMemberVariable.Password="1234") Then
> 'code which get data from SQL Server and populate custDS dataset
> i = custDS.Tables("myData").Rows.Count
> sSession = Session.SessionID
> myHeaderMemberVariable.Token = Session.SessionID.ToString
> Return custDS
> Else
> i = 0
> sSession = Session.SessionID
> myHeaderMemberVariable.Token = Session.SessionID.ToString
> Return Nothing
> End If
> End Function
> End Class
>
> All work fine, client is able to populate grid with received dataset
> from this web service but SoapHeader Token variable as well as
> sSession function parameter are both set to Nothing (they are not
> populated with SessionID). My Problem is that I received very loose
> specs to develop web service which will be working in the following
> maner:
> 1. Client Login with Username & Password. Based on these information
> user is authenticated and WS generates unique Token which is persisted
> in SQL Server database and then send back to client.
> 2. Client uses this token every time client process calls WS
> functions.
> 3. WS authorized client request base on last token, perform request
> and generates a new token which is then return to the client in SOAP
> header.
> 4. This process is repeated on every client request till client issue
> Logout request.
>
> I thought that most logical place to have tokens located is a SOAP
> header, this would seperate authentication/authorization data from
> each function parameter list and return variable. I wonder if anybody
> tried something like this and would like to share some inside on
> implementation of this concept. Any help and comments are greatly
> apreciated.
>
> Thanks a lot.


Hi Mojeza,

You have to understand to patterns for Web Service Security and then
it will be a piece of cake!!!

Here is the stuff...

In the code you are trying to implement Direct Authentication pattern
(kind of). Meaning, Client and Web Service both knows each other and
own the credentials as well as username and password. According to
your requirements you want to have SSO (Single Sign On) and so on,
which is not recommend for Direct Authentication pattern.

You should follow Brokered Authentication pattern, which specifically
developed for the requirements, like you have.
There are three Brokered Authentication patterns:
1) Kerberos
2) X.509
3) STS - Security Token Service

Now it looks very complicated, isn't? Well it will be very simple if
you just spend 4-5 hours of reading on this book, which is Free
downloadable from Microsoft site
http://www.microsoft.com/downloads/d...displaylang=en

I would suggest reading at least chapter #1 and #3 and Part II,
depending on your interest.

Good luck!

Cheers,
Amer

 
Reply With Quote
 
 
 
 
mojeza
Guest
Posts: n/a
 
      02-07-2007
On Feb 7, 5:03 am, "WishMaster" <(E-Mail Removed)> wrote:
> On Feb 7, 2:30 am, "mojeza" <(E-Mail Removed)> wrote:
>
> Hi Mojeza,
>
> You have to understand to patterns for Web Service Security and then
> it will be a piece of cake!!!
>
> Here is the stuff...
>
> In the code you are trying to implement Direct Authentication pattern
> (kind of). Meaning, Client and Web Service both knows each other and
> own the credentials as well as username and password. According to
> your requirements you want to have SSO (Single Sign On) and so on,
> which is not recommend for Direct Authentication pattern.
>
> You should follow Brokered Authentication pattern, which specifically
> developed for the requirements, like you have.
> There are three Brokered Authentication patterns:
> 1) Kerberos
> 2) X.509
> 3) STS - Security Token Service
>
> Now it looks very complicated, isn't? Well it will be very simple if
> you just spend 4-5 hours of reading on this book, which is Free
> downloadable from Microsoft sitehttp://www.microsoft.com/downloads/details.aspx?familyid=3e02a6c8-128...
>
> I would suggest reading at least chapter #1 and #3 and Part II,
> depending on your interest.
>
> Good luck!
>
> Cheers,
> Amer


Hi Amer,

I downloaded this pdf book and will read it.

Thank you very much.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Header files with "header.h" or <header.h> ?? mlt C++ 2 01-31-2009 02:54 PM
SOAP Header in a Dot Net 2.0 Web Service Client Consuming a WCF 3.0 service. Curt K ASP .Net Web Services 3 06-15-2007 10:19 PM
Can we Modify/Remove HttpRequest Header ABCL ASP .Net 1 02-08-2007 12:07 AM
How to add SOAP header to a SOAP message? Peter van der veen ASP .Net Web Services 6 11-14-2006 06:44 PM
InvocationTargetException when calling "new Service()" in Axis web service to call another web service Michael Averstegge Java 0 01-10-2006 11:05 PM



Advertisments