Home/ Questions/Q 3392466
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T03:55:26+00:00

An app I’m working on interfaces with an existing application running on a remote

  • 0

An app I’m working on interfaces with an existing application running on a remote box. Communicaitons with the remote app are via its public web services. I’ve been asked to build an enhancement which will involve a client making use of the web service to handle sensitive data which will need to be transmitted securely.

Could anyone give me some pointers on how best to proceed?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    To start, you should be using SSL and reject any requests that are not using it. This will encrypt data as it’s being transmitted over the Internet.

    If you are using SOAP, you could define a custom header in your service that takes a username / password. Then, for the first line in each public method, validate the username and password against a database. If successful, set the HttpContext.Current.User appropriately, and your service will tie in nicely with the built in Asp.NET infrastructure.

    ADDED: Below is a sample SoapHeader that includes a username / password for authentication.

    // define the header
public class AuthenticationHeader : SoapHeader
{
    public String UserName { get; set; }
    public String Password { get; set; }
}

// your service
public class PublicWebService : WebService
{
    // defines an instance of the header as part of the service
    public AuthenticationHeader Authentication;

    private void Authenticate()
    {
        // validate the username / password against a database
        // set the HttpContext.Current.User if successful.
        // Maybe throw a SoapException() if authentication fails
    }

    // Notice the SoapHeader("Authentication") attribute...
    // This tells ASP.Net to look for the incoming header for this method...
    [WebMethod]
    [SoapHeader("Authentication")]
    public void PublicMethod1()
    {
        Authenticate();

        // your code goes here
    }

    // Expose another method with the same authentication mechanism
    [WebMethod]
    [SoapHeader("Authentication")]
    public void PublicMethod2()
    {
        Authenticate();

        // your code goes here
    }
}

    Now, if you run the wsdl tool, the generated proxy class will include the defined authentication header:

    PublicWebService s = new PublicWebService();
s.Authentication = new AuthenticationHeader();
s.Authentication.UserName = "xxxxxxxx";
s.Authentication.Password = "yyyyyyyy";
s.PublicMethod1();
s.PublicMethod2();
    • 0