Secure web service with soap headers and cookie Autherization

Hi, I am trying to write a small code to secure an exposed web services(service2.asmx) that returns server time by using cookie type authorization on the web service side using custom SOAP Headers that pass authentication credentials to the web service. I do not want to use SSL. If this works I will also encrypt/dcrypt the Soap message.

To achieve this, I wanted to build a client app. that does the followings:
a)Accepts and sends a username and password ( "admin" and "passord" resp.)
b)gets server time
C)checks to see if the user is logged in.
Well, in my application I tried to create 2 text boxes with labels for the userfor the username ansd password, created lable dispaly message and created 3 buttons : Login, Logout, GetTime.
However, when I tried to write valid credentials and hit the LOGIN and GETTIME Button the server does not display the time. Every Time I hit Login and GETTIME Button, I get SORRY BUDDY YOU DO NOT HAVE ACCESS. I think this is something to do with Cookies( I am not sure.)
The LOGOUT Button works well. The whole code is written below.
Can EXPERTS look at it and Give me comment.
Thank you in Advance.
<%@ WebService Language="VB" Class="Service2" %>
Imports System
Imports System.Data
Imports System.Data.OleDb
Imports System.Configuration
Imports System.Web.Services
Imports Microsoft.VisualBasic.ControlChars
Imports System.XML.Serialization
Imports System.Web.Services.Protocols
Imports System.Web.Security
Imports System.Globalization
'1) Create the public class SOAPHeaders
public class SOAPAuthHeader2:Inherits SoapHeader
public parameter1 As String
public Parameter2 As String
End Class
public class Service2:Inherits WebService
public sHeader As SOAPAuthHeader2

'Checks that the username and password are good. If they pass the test then set
'their Session to TRUE
<WebMethod(EnableSession:=True) ,SoapHeader("sHeader",Direction:=SoapHeaderDirection.InOut, Required:=True)> public function SignIn2() As boolean
'check the username and the password passed in the SOAPHeader
If ((sHeader.Parameter1.ToString() = "admin") AND (sHeader.Parameter2.ToString() = "password") ) Then
'HTTPContext.session("IsLoggedIn") =true
'HTTPContext.Current.session("IsLoggedIn") = true
Context.Session("IsLoggedIn") = true
return true
Context.Session("IsLoggedIn") = false
return false
End If
End function
'3)The protected web method
'This simply gets the current local time of the web server but first check to see
'if the users session is set to true by calling CheckLogin2().

<WebMethod(EnableSession:=True)> public function GetServerTime2() As String

If (CheckLogin2() = false )
Return "Sorry Buddy you are not allowed to have access"
Return System.DateTime.Now.ToString()
End if
'If (CheckLogin() )
' Return System.DateTime.Now.ToString()
'Return "Sorry Buddy you are not allowed to have access"
'End if
End Function
'4) CheckSession()
'This is first trying to see if context.Session("IsLoggedIn") exists
'If so then it checks to see if it set to TRUE. If it is true the function
',which called it, continues running and vise versa. BUT if the Context.Session("IsLoggedIn")
'DOES NOT exists it too stops the function that called it
'It is in the try/catch because if the Context.Session("IsLoggedIn") did not
'exist the system would fall over
<WebMethod(EnableSession:=true)> public function CheckLogin2() As Boolean

if (Context.Session("IsLoggedIn") = false)
Return false
Return true
End If
return false
End Try
End Function
End Class

The client app. WSSClient3.aspx
<%@ Page Language="VB" Debug="true" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="JAYSERVICE2" %>
<%@ Import Namespace="System.Net.CookieContainer" %>
<%@ Import Namespace="System.Web.UI.WebControls" %>
<script runat="server">
private cookies as System.Net.CookieContainer
private oWebService As Service2
private oSoapHdr As SOAPAuthHeader2

public Sub Main()
'Cursor = Windows.Forms.Cursors.WaitCursor
'Cursor.Current = Cursors.WaitCursor
'Cursor = Cursors.WaitCursor
'set the web service cookieContainer property to cookies object

If (cookies is Nothing ) Then
cookies = new System.Net.CookieContainer()
btnLogOut.Enabled = false
btnLogOut.Enabled = true
End If
oWebService.CookieContainer = cookies
'Cursor = Cursors.Arrow

End Sub
'create a function for the login
private function Login() AS String
dim oWebService As new JAYSERVICE2.Service2
dim oSoapHdr As new JAYSERVICE2.SOAPAuthHeader2
'send the parameters to the proxy header
oSoapHdr.Parameter1 = txtUsername.Text.ToString()
oSoapHdr.Parameter2 = txtPwd.Text.ToString()
'send the soap header values to the web service
oWebService.SOAPAuthHeader2Value = oSoapHdr

' call the protected web method
Return true
End function
private function GetServerTime2() As String
dim oWebService As new JAYSERVICE2.Service2
dim oSoapHdr As new JAYSERVICE2.SOAPAuthHeader2
'now make a call to the protected web service and assign the result
'to the message label
lblMessage.Text = oWebService.GetServerTime2()
Return True
End function
private function LogOut() As String
dim oWebService As new JAYSERVICE2.Service2
dim oSoapHdr As new JAYSERVICE2.SOAPAuthHeader2

'kill the Cookie
Cookies = Nothing
oWebService.CookieContainer() = Nothing

btnLogOut.Enabled = false
lblMessage.Text = "Logged Out"
Return True
End function
' lastly assign the buttons to their functions
sub btnLogIn_Click(Sender as Object, e as EventArgs)
End Sub
sub btnLogOut_Click(Sender as Object, e as EventArgs)
End Sub

sub gettime_Click(Sender as Object, e as EventArgs)
End Sub

<form runat="server">
<asp:TextBox id="txtUsername" runat="server"/><br>
<asp:TextBox id="txtPwd" runat="server" Textmode="password"/><p>
<asp:Button id="btnlogin" runat="server" Text="Login" onClick="btnLogIn_Click" />
<asp:Button id="btnLogOut" runat="server" Text="Logout" onClick="btnLogOut_Click" />
<asp:Button id="btgettime" runat="server" Text="GetTime" onClick="gettime_Click"/><p>
<asp:Label id="lblMessage" font-size="20pt" runat="server" />
6/29/2004 6:38:46 PM 7071 articles. 0 followers. Follow

0 Replies

Similar Articles

[PageSpeed] 49
Get it on Google Play
Get it on Apple App Store


Similar Artilces:

A question about Web Service security / secured web service Testing
Hi, I created a web service and secure it using SoapExtention. I implemented code from this link. Now if I create proxy class from my other webapplication and call any webmethod of my webservice, I must provide username password to access any of its webmethod, otherwise it is throwing SOAP Exception which works fine. But now when I open this webservice locally using its URL, in Internet Explorer, like http://localhost/MyWebService/poservice.asmx, it shows me all webmethods and I can invoke any webmethod from here without using ...

xml web service --uploading the file to the xml web service
how can we upload the file in the xml web service 1.i mean what will be the return value in the proxy class 2.and how am i going to send the file to the xml web service----regards Bipul Kumar Here are some links to articles that helped us get this done: Hope this helps....

How to call a .net web service from another .net web service?
Hi all,I have developed two asp .net web services using visual studio .net 2003.I wish to call one web service from another web service.I tried adding a web reference of the web service in another web service and was able to do so.but i m not able to access the web methods provided by the web servicecould you please suggest a way to go about itExpecting quick replyThanxCharmy try to make sure that you reference it in the web reference and call it properly this is sample  [WebMethod()] public double CalcDistance(int x1, int y1, int x2, int y2) { Calculator.Service1 calc = new...

Web service in .NET from Java Web Service
Hi there,I'm pretty new to .net (although i have years of experience with the old vb 6, access 2k, as well as java)... and need some with perhaps either some syntax or something.Here is the wsdl.<wsdl:definitions targetNamespace="">−<wsdl:types>−<schema targetNamespace="GetBookInfoByISBN">−<complexType name="BookInfoType">−<sequence><element maxOccurs="1" minOccurs="0" name="Title" nillable="true" type="xsd:string"/><element maxOccurs=&quo...

Calling a Secure C# Web Service with SOAP Header Authentication and Cookies
Hi, I hope someone would be able to point me in the right direction. I need to develop a Delphi Client (Delphi 2009 Pro) that will consume a C# Web Service which makes use of SOAP Header Authentication and Cookies. The WSDL is poiting to a https:// address, and I was able to import the Service into my Delphi project using the WSDL Importer. But now I do not know how to continue, if it was normal web service (without the authentication code) it would have been fine. The initial call would contain something like this: (This from the Service Providers manual) {code} <?xml version=...

.NET web services Vs Java Web Services
Hello, does anyone know of a book or good source of information that compares .NET and Java Web Services? (I would like soemthing neutral if possible). I am thinking of approaching this subject for my dissertation? Many Thanks Rob Hi Rob, Last year I had to give a powepoint presentation on Web Services. I noticed some good books at barnes and noble that discussed the subject. These books were specific to Java and discussed Web Services in a very clear fashion. They gave some elementary examples that were easy to understand. I have not yet had the pleasure of creatin .NET Web Servi...

web service SOAP Headers
If this isn't the right forum, let me know what is.Is there a difference between SOAP serialization and  and XML serialization.I have been reading heavily and am now quite confused.I understand that SOAP serialization produces XML, but perhaps without a specific schema or a scheme very different from XML. In the context of web services, the XML Serializer is used to produce XML in SOAP format. What you may be getting confused about is that there is also a "runtime serialization" subsystem. This can serialize data either using a Binary Formatter, or a SOAP Formatter. It...

SOAP Web Service Problem (problema con un web service)
Please help, I can't read a webservice method (webmethod) from asmx web service, with Delphi firemonkey, In my first try I put a WDSL Importer, and I can retrive data from simplex type (string, booleans, integers) but when the method returns a DataSet, i loose my way. Por favor, ayuda, no puedo leer datos de un web service si el metodo que regresa es un DataSet, el web service esta hecho en así que es un asmx, utilizando el WDSL importes, traje datos sencillos como enteros, boleanos y otros, pero en el caso de arreglos como un DataSet no lo he conseguido, estoy perdido, y l...

what are web services and what are the advantages of web services?
 Hello  i am new to this .net stuff and i was ask on the job interview what a web services is?and if i did not know given that i had a project ( as a project manager,  or a web developer)   what  is it? how do i start a >NET project on it? what are the main advantages is?  HOW DO I START THIS IN THE INTERVIEW>  and what basic books do i buy?   Hi There, There plenty of source on the net about webservice Definiton:

Calling a Web Service from a Web Service
Hello,I was looking for some feedback on calling a web service from within a web service. I've heard that it's not good practice (or not possible). I have a scenario where I think it might make some sense.Within our infrastructure, we've created a web service that handles incoming updates on the statuses of all processes. This has proven to be a good thing since it allows applications to communicate across server to make status updates. It's also used by third party developers and applications to communicate with our infrastructure.Along these lines ... we are planning to create a new compon...

Is web services a part of web Service?
  I have a question: Is web services a part of web server?? And when the client calls web service, it means that client calls web server?? Or is it a different entity in itself which communicates separately both with client and server and acts as middleware application.. I am very confused.. Can someone explain me the architecture...??? Thanks..Dont forget to click "Mark as Answer" on the post that helped you.This credits the member,earns you a point & marks your thread as Resolved so that new users will know where to search for their queries. When you build and dep...

Web Site Project: How to configure web service URL in web.config (web service defined in a referenced DLL)
I have a web site that references a business logic DLL project. In the business logic project, there is a web service defined in its app.config file something like this: <applicationSettings>  <MyNamespace.BLL.Properties.Settings>    <setting name="MyNamespace_BLL_MyServer_ServiceName" serializeAs="String">    <value>http://blah.blah.blah.asmx</value>  </setting>  </MyNamespace.BLL.Properties.Settings></applicationSettings> When the web site is published, the web ...

create valid xml to send to web service based on the schema provided by web service
Problem: I have a web page which is being populated from a dataset containing multiple tables.  I now need to call a web service and send the majority of this data to be incorporate into a mainframe system.  I have been supplied with the schema that the web service will be using to validate the data.  I am new to web services and I am not sure how to take my existing dataset and transform it into an xml document that matches the schema I was provided with. There is a main schema with an element which is a custom complex type.  This custom type consists of an element whi...

Best Practice for .Net Web Service access to a Web Service on a Test and Production Servers
Hello All, What is the best way to control a .Net web service to be able to access a remote server for testing and then point to another remote server to access the web service in production? Do I need to generate and maintain 2 different proxy objects? TIA, Bob Bob // first create the proxy if not isvalid( i_service) then i_service = create fundtraderproxy_TradeServicesClient_BasicHttpBinding_ITradeServices end if ///You'll see code something like this in the constructor of your proxy //dynamically set the endpoint url with the user supplied value - //r...

Web resources about - Secure web service with soap headers and cookie Autherization -

Resources last updated: 1/11/2016 10:56:23 PM