why using soap header to pass user credential not soap body?

Hello List,

I saw a lot of articles talking about using soap header to pass user credential (user name and password). 

My question is why I have to create a custome soap header to pass user credential instead of passing username/password as two parameters to web method call directly.

For example, I have the following web method call,



account GetAccountInfo(string username, string password, string AccountID)

{ ... }

It is easier than create a custome soap header and pass user credential through soap header

Did I missing something here?  

Thanks in advance,



1/8/2007 12:47:51 PM
asp.net.xml-web-services 7071 articles. 0 followers. Follow

2 Replies

Similar Articles

[PageSpeed] 57

The biggest advantage of placing the credentials in the header is that you can put the credential validation code in a single place and make it part of your standard pipeline.  That way the credentials don't have to appear on your exposed signature and your consumers have to know how to add the credentials which gives you some little added security.
1/8/2007 7:25:06 PM


thanks for your help.

1/8/2007 8:04:35 PM

Similar Artilces:

web service SOAP Headers
If this isn't the right forum, let me know what is.Is there a difference between SOAP serialization and  and XML serialization.I have been reading heavily and am now quite confused.I understand that SOAP serialization produces XML, but perhaps without a specific schema or a scheme very different from XML. In the context of web services, the XML Serializer is used to produce XML in SOAP format. What you may be getting confused about is that there is also a "runtime serialization" subsystem. This can serialize data either using a Binary Formatter, or a SOAP Formatter. It...

Encrypting User credential /Soap header --- Web service security
Hi, I want to use SOAP header as a tool for implementing secure web service. However, I have been told that when I send user credentials across the Internet via SOAP headers, they will be sent as a plain text in XML format, ie. they are vulnerable to prying eyes. One method to get around this is to encrypt the user credentials prior to sending them and provide an equivalent decryption algorithm in the web service. I am new to encryption and where can I find examples ( codes in Vb) or articles that can help me to solve this type of problem to secure the web service???? The user Id and pa...

How do I set a session ID in a web service SOAP header using a .NET proxy?
I have a web service proxy set up in PB 10.5. I need to set a session ID in the SOAP header so the web service can validate subsequent requests for this session. Is this possible? You can't modify the SOAP headers unfortunately. That capability is supposed to be forthcoming in an EBF/Maintenance Release, but I do not now of an specific timeframe. On 20 Apr 2006 13:40:54 -0700, "Libby Engelbret" <lengelbret@npomn.com> wrote: >I have a web service proxy set up in PB 10.5. I need to set a session ID in >the SOAP header so the web service can val...

XML Web Service Message from .NET to NonStop SOAP Server
Here's the XML parsing error the NonStop (Tandem) SOAP Server is generating as a result of a Web Service request from my .NET web client.  The web service in question works fine when the XML request comes from the "test" html client.  My question is, is this a lack of carriage returns a problem?  (see trace information below) >> 2008/10/15 14:32:3::Y7H3:<< Unmarshal Error: Invalid input document: Unexpected extra node(s) at the end of the document>> 2008/10/15 14:32:3::Y7H3:<< SoapDocumentHandler::process:Fault occurre...

Problem in passing parameters to a web service when using SOAP Extensions
 Hi All, I implement a simple SOAP extension to validate incoming SOAP Messages by using SOAP extensions. It works properly when the service does not have any input parameters. but it does not send input parameters to the service if it has any. I log the request and it has all parameters correctly but I don't understand why it does not pass the parameters to the service.for example in the next code, it sets null for str and str1 and only returns ',' in the response. [WebMethod] public string SeperateWord(string str,string str1) { return str + "," ...

Web Service SOAP Header
Using VB. I have added a web reference to my project for a web service using the specified http WSDL. I have added an instance of the service to my page: Dim ws As New myservice One of the requirements is that I use header authentication in the SOAP response (username and password). What is the best way to approach this. I do not see any reference to header elements in the WSDL but here is a sample of the SOAP request required. Also I don't see any reference to a class for this type of authentication.<soap:Header> <wsse:Security soapenv:mustUnderstand="1" xmlns:...

How to using SOAP in Web Service?
 Hi, all: Today I'm learning how to using SOAP in web service. I encounter some problems in study. I am novice in web development.  I do not know how to use .html file to invoke remove service? Would you like to give me some advice? Thanks in advance! You need to add a service reference in visual studio and use .net.  That is the easiest way to do it for a beginner.Solutions Architect Coden Enterpriseshttp://www.codenenterprises.com/iblog Hi! Friend Include namespace using System.Web; Then you need to make a Web Services let says Services1.asmx Then a...

new UsernameToken exception from web page that consumes web service using soap
I've the following problem, that is generating a UsernameToken in an asp.net page:1) a web service (.net 1.1, WSE 2.0 SP3) that requires soap authentication with myUsernameTokenManager implementation 2) a winForm client (.net 1.1, WSE 2.0 SP3) that consumes the web service passing a UsernameToken in the Soap messages. 3) a web client that does the same as the winForm client but with error when generating the UsernameToken to add to the SoapContext. Here is the piece of code: UsernameToken tok = new UsernameToken(CurrentUser.Instance.UserID, CurrentUser.Instance.Password, Passwor...

Adding Web Reference to Web Service With SOAP Header in Visual Studio 2005
Hi, I'm a beginner in web service. Recently, I created a web service with custom SOAP header so it support security feature. I modify my code from a tutorial that I read: Imports System.Web Imports System.Web.Services Imports System.Web.Services.Protocols _ _ _ Public Class SecureHelloWorld Inherits System.Web.Services.WebService Public authentication As AuthenticationHeader _ Public Function HelloWorld() As String If authentication.Name = "Hello" AndAlso authentication.Password = "World" Then Return &quo...

How to consume a web service using SOAP
hello guys,    I have a webservice written in asp.net with vb.net as code behind.The return type of the web service is DataSet.I want  to access this web service using SOAP.Please send me the code as soon as possible.it's very urgent. Regards, Balaji.    Balaji,Chennai...

How to access a web service using SOAP?
Hi all, This is the 1st time I'm trying to use web service, so I have lots of problem. I wish to use the SOAP method, but all I found on book are Post and Get method. And the more I read from the forum, the more confued I get, so I need help urgently. the URL of my web service "http://pgnote101/eDelegation/Service1.asmx" Let's say it has a function the take 2 parameters "delegator" and "period_from" and return a boolean value. How can i call the function ang get its value back? thanks!! SOAP is a messaging protocol and is used over HTTP in case of a WebService. Th...

Soap Header authentication in web service
Hi All, I am trying to call a webmethod in an external web service. But tht web service have implemented authentication via Soap Header. This is the format of Soap header which I have to pass, <soap:Header>        <wsse:Security soap:mustUnderstand="1" >            <wsse:UsernameToken>                <wsse:Username>USER@CUSTOMER</wsse:Username>         ...

SOAP Web Service Problem (problema con un web service)
Please help, I can't read a webservice method (webmethod) from asmx web service, with Delphi firemonkey, In my first try I put a WDSL Importer, and I can retrive data from simplex type (string, booleans, integers) but when the method returns a DataSet, i loose my way. Por favor, ayuda, no puedo leer datos de un web service si el metodo que regresa es un DataSet, el web service esta hecho en dot.net así que es un asmx, utilizando el WDSL importes, traje datos sencillos como enteros, boleanos y otros, pero en el caso de arreglos como un DataSet no lo he conseguido, estoy perdido, y l...

Invoking Web services using SOAP Driver
Hello.... I am a newbee in IDM. I would like to know how the SOAP driver is configured and activated to communicate with the web services located in other servers. Although SOAP configuration is mentioned (ie too confusing...), you have left out the activating SOAP driver... I have created a DSML driver locally which returns an error specifying that getSchema doesnt returned any schema. I would like to know whre is the package "com.novell.nds.dirxml.driver.soap.util" available. Please let me know the location where the jar files (which are mandatory[SOAPUtil.jar ...

Web resources about - why using soap header to pass user credential not soap body? - asp.net.xml-web-services

Credential - Wikipedia, the free encyclopedia
A credential is an attestation of qualification, competence, or authority issued to an individual by a third party with a relevant or de facto ...

GraphicMail, Janrain Engage Enable Email Newsletter Signup Via Facebook Credentials
... Janrain Engage to its clients’ customizable newsletter signup forms, allowing them to sign in with their Facebook account information, or credentials ...

Discussion of credentials of Maajid Nawaz - Quilliam - YouTube
Glenn Beck discusses the background of Quilliam Chairman Maajid Nawaz on Fox News - The Daily Beck.

Russian gang said to amass more than a billion stolen internet credentials
A Russian crime ring has amassed the largest known collection of stolen internet credentials, including 1.2 billion username and password combinations ...

Japan underline Asian Cup credentials with 4-0 thumping of Palestine
The class of the reigning Asian Cup champions was on full display at Hunter Stadium on Monday night as Japan opened their title defence with ...

Facebook attacked with credential-harvesting malware - MediaFire, applications, Data Protection - Social ...
Dorkbot variant infection unusual because the criminals exploited a flaw in the file-sharing site MediaFire to spread the malware

Maxwell ready to express Test credentials
GLENN Maxwell’s fearless attitude to strokeplay has made him a star of short-form cricket and a Test wannabe.

Obama mocks Romney military credentials
Sky News is Australia's leader in 24-hour news. Barack Obama has aimed to belittle rival Mitt Romney's commander-in-chief credentials, accusing ...

Accused Potts Point attacker spruiked his fighting credentials, court hears
A man accused of king-hitting an 18-year-old in Potts Point on New Year's Eve allegedly assaulted four strangers in the same spot after telling ...

Fawad Ahmed quietly rebuilding his Test credentials
... auditions for a Test berth. But those poor performances have proven to be the exception, rather than the rule, regarding his red-ball credentials. ...

Resources last updated: 1/22/2016 5:19:11 AM