
Wednesday, April 22, 2009

Web services Authentication and authorization using Soap headers

In the following code, the web service is called three times: first without any credentials, which is rejected; then with wrong credentials; and finally with the proper credentials, at which point the web service is accessed and the user is authenticated. The code is self-explanatory.
Web service code

using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;

namespace AuthForWebServices
{
/// <summary>
/// Sample ASMX web service whose web method authenticates the caller from a custom SOAP header.
/// </summary>

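public class WebService : System.Web.Services.WebService
{
    /// <summary>
    /// Receives the caller's credentials. The [SoapHeader("Authentication")] attribute on
    /// <see cref="SensitiveData"/> binds the incoming SOAP header to this field, so it must
    /// remain a public member. It may be null when the request carries no such header.
    /// </summary>
    public AuthHeader Authentication;

    // Demo-only credentials, kept from the original sample. Secrets compiled into the
    // assembly are readable by anyone who obtains the binary or the source; a real service
    // should verify against a credential store that holds salted password hashes.
    private const string DemoUsername = "ashwin";
    private const string DemoPassword = "payal";

    public WebService()
    {
        //CODEGEN: This call is required by the ASP.NET Web Services Designer
        InitializeComponent();
    }

    #region Component Designer generated code

    //Required by the Web Services Designer
    private IContainer components = null;

    /// <summary>
    /// Required method for Designer support - do not modify
    /// the contents of this method with the code editor.
    /// </summary>
    private void InitializeComponent()
    {
    }

    /// <summary>
    /// Clean up any resources being used.
    /// </summary>
    /// <param name="disposing">True when called from Dispose rather than from a finalizer.</param>
    protected override void Dispose( bool disposing )
    {
        if(disposing && components != null)
        {
            components.Dispose();
        }
        base.Dispose(disposing);
    }

    #endregion

    /// <summary>
    /// Returns a status string after checking the credentials in the "Authentication" SOAP header.
    /// </summary>
    /// <returns>
    /// "Authenticated user" for the demo credentials, otherwise "Invalid credentials",
    /// each followed by a line break.
    /// </returns>
    /// <exception cref="SoapHeaderException">The request carried no Authentication header.</exception>
    /// <remarks>
    /// A failed check is reported as an ordinary return value, so callers can only tell
    /// success from failure by reading the string. The header carries the password as plain
    /// text; nothing in this class protects it in transit, so the endpoint should only be
    /// reachable over HTTPS.
    /// </remarks>
    [SoapHeader ("Authentication", Required=true)]
    [WebMethod (Description="Returns some sample data")]
    public string SensitiveData()
    {
        // SoapHeaderAttribute.Required is documented as no longer enforced on .NET Framework
        // 2.0 and later, so a missing header can reach this method as a null field. Raise an
        // explicit client fault instead of letting a NullReferenceException surface as a
        // server error.
        if (Authentication == null)
        {
            throw new SoapHeaderException("Authentication header is required.", SoapException.ClientFaultCode);
        }

        // The page listing shows a raw line break inside these literals, which a regular C#
        // string cannot contain; it is written as \n here.
        // NOTE(review): the original may have been an HTML line break lost in rendering - confirm.
        if (IsDemoUser(Authentication))
        {
            return "Authenticated user\n";
        }

        return "Invalid credentials\n";
    }

    // Checks the header against the demo account. The user name is matched case-insensitively
    // after trimming, as before. The password is matched exactly: the original lower-cased and
    // trimmed it, which made every case variant of the password valid.
    private static bool IsDemoUser(AuthHeader header)
    {
        if (header.Username == null || header.Password == null)
        {
            return false;
        }

        // Invariant culture keeps the lower-casing independent of the server's locale.
        string username = header.Username.Trim().ToLower(System.Globalization.CultureInfo.InvariantCulture);

        // Evaluate both comparisons before combining them so a wrong user name and a wrong
        // password take the same path.
        bool usernameMatches = FixedTimeEquals(username, DemoUsername);
        bool passwordMatches = FixedTimeEquals(header.Password, DemoPassword);
        return usernameMatches & passwordMatches;
    }

    // Compares two strings without stopping at the first differing character, so the time
    // taken does not reveal how long a matching prefix is. A length mismatch is still visible.
    private static bool FixedTimeEquals(string supplied, string expected)
    {
        int difference = supplied.Length ^ expected.Length;
        int shared = supplied.Length < expected.Length ? supplied.Length : expected.Length;
        for (int i = 0; i < shared; i++)
        {
            difference |= supplied[i] ^ expected[i];
        }
        return difference == 0;
    }

}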

/// <summary>
/// Custom SOAP header that carries the caller's user name and password.
/// WebService.Authentication is declared with this type.
/// </summary>
// NOTE(review): both values are plain strings and nothing in this listing encrypts or
// hashes them before they are sent - confirm the service is only exposed over HTTPS.
public class AuthHeader : SoapHeader
{
// User name supplied by the caller.
public string Username;
// Password supplied by the caller, as plain text.
public string Password;
}
}

ASPX page code
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;

namespace AuthForWebServices
{
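/// <summary>
/// Code-behind for the demo page that calls the web service with no credentials, with wrong credentials, and then with valid credentials.
/// </summary>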

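public class WebForm1 : System.Web.UI.Page
{

    /// <summary>
    /// Calls the web service three times - without a header, with wrong credentials and with
    /// valid credentials - and writes each result to the response.
    /// </summary>
    /// <param name="sender">Source of the Load event.</param>
    /// <param name="e">Event data; not used.</param>
    private void Page_Load(object sender, System.EventArgs e)
    {
        //simple client
        AuthWebService.WebService webService = new AuthWebService.WebService();
        AuthWebService.AuthHeader authentication = new AuthWebService.AuthHeader();

        // Attempt 1: no AuthHeaderValue has been assigned yet, so the request goes out
        // without credentials.
        // NOTE(review): the bare catch reports every failure, including transport errors,
        // as a credentials problem and discards the exception. Outside a demo, catch the
        // SOAP fault type and log the exception server-side instead.
        try
        {
            Response.Write(webService.SensitiveData());
        }
        catch
        {
            // The page listing shows a raw line break inside this literal, which a regular
            // C# string cannot contain; it is written as \n here.
            // NOTE(review): the original may have been an HTML line break lost in rendering - confirm.
            Response.Write("Attempt 1 : no crendentials supplied.\n");
        }

        // Attempt 2: wrong user name. Credentials are literals only because this is a demo;
        // a real client should read them from protected configuration.
        authentication.Username = "Mr.x";
        authentication.Password = "payal";
        webService.AuthHeaderValue = authentication;

        try
        {
            Response.Write(webService.SensitiveData());
        }
        catch
        {
            // The original repeated the "Attempt 1 : no crendentials supplied." message here,
            // although credentials are supplied on this call; an exception at this point
            // means the request itself failed.
            Response.Write("Attempt 2 : request failed.");
        }

        // Attempt 3: valid user name and password. This call is not wrapped in try/catch, so
        // a failure surfaces as an unhandled page error.
        authentication.Username = "ashwin";
        authentication.Password = "payal";
        webService.AuthHeaderValue = authentication;
        Response.Write(webService.SensitiveData());

    }

    #region Web Form Designer generated code
    /// <summary>
    /// Wires up the designer-generated event handlers before the base page initialises.
    /// </summary>
    /// <param name="e">Event data passed on to the base implementation.</param>
    protected override void OnInit(EventArgs e)
    {
        //
        // CODEGEN: This call is required by the ASP.NET Web Form Designer.
        //
        InitializeComponent();
        base.OnInit(e);
    }

    /// <summary>
    /// Required method for Designer support - do not modify
    /// the contents of this method with the code editor.
    /// </summary>
    private void InitializeComponent()
    {
        this.Load += new System.EventHandler(this.Page_Load);

    }
    #endregion
}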
}

//output is as follows
Attempt 1 : no crendentials supplied.
Invalid credentials
Authenticated user
