Web service with password protection

Question

4.50/5 (2 votes)

See more:

Hi All,

I want to create a web service in C#, which asks for a valid user name and password to access it.

Is there a way?

Please help.

Thank you

Posted 28-Jan-13 16:56pm

Dee_Bee

Updated 28-Jan-13 17:11pm

v2

Add a Solution

Comments

PIEBALDconsult 28-Jan-13 23:18pm

Of course there's way (several). But how will users create accounts?

Dee_Bee 28-Jan-13 23:51pm

No not users. There must be a specific user name and password to enter. Then only users could be able to use particular web service.

Thank you,

PIEBALDconsult 29-Jan-13 9:10am

Then one of your users tells two friends, and they tell two friends, and so on and so on. Not a good idea. Might as well not have a name and password.

Dee_Bee 30-Jan-13 0:35am

It's not about people and their friends. It's about a firm and employees. It makes difference.

PIEBALDconsult 30-Jan-13 9:41am

Then why have it?

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

RDBurmon · Answer 1 · 2013-01-28T17:04:00

You can user userPrincipalName inside the service config file.

C#

<identity> <userPrincipalName value="someone@cohowinery.com" /> </identity>

You can also call by code.

C#

string uri = "http://loaclhost:8989/MyService";
EndpointIdentity epid = EndpointIdentity.CreateUpnIdentity(@"MACHINE\user");
EndpointAddress epaddr = new EndpointAddress(uri, epid); ServiceReference1.Service1Client client = new ServiceReference1.Service1Client(epaddr);

Accept and vote if helps otherwise revert back with queries
--RDB

yoganandaraol · Answer 2 · 2013-01-28T19:24:00

Configuring SoapHeader to webmethods will solve your problem.

In webservices messages will be transformed through wire in SOAP format.
SOAP basically contains SOAP Envelope which is collection of
SOAP Header (The data which is sensitive and need to be transferred usually credentials, Credit card details.... etc )
SOAP Body (Main result)
SOAP Fault or Error (Error message from service)

Define a class which implements SoapHeader and define 2 properties named UserName and Password.

ex:

C#

public class CustomAuth: System.Web.Services.Protocols.SoapHeader
{
    public string UserName;
    public string Password;
}

Set the Soap Profile 1.1 to enable this security feature

Following is the service implementation

C#

[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
public class TestService : System.Web.Services.WebService
{
     public CustomAuth myTestSvcAuthentication;

    [WebMethod()]
    [SoapHeader("myTestSvcAuthentication",Required=true)]
    public string DoSomething()
    {
        string _username =  myTestSvcAuthentication.UserName;
        string _password =  myTestSvcAuthentication.Password;
        if (CheckCredentials(_username, _password))
        {
            // Write your logic for DoSomething method
            return "Successfully done";
        }
        else
        {
            // return authentication failed message
            return new Exception("Authentication failed");
        }   
    }

    private bool CheckCredentials(string uname,string pwd)
    {
       try
       {
         // your database connection or active directory repository
         // login verification will be done here and return true
         // if credentials are correct if not return false 
      }
      catch(Exception ex)
      {
         //log and throw the error
      }
    }
}

Client Code

C#

//add service reference in using section
using MyService;// as per your configuration

TestService svc = new TestService();
CustomAuth customAuth= new CustomAuth();

//Set your username and password as you made contract with Service owners
  customAuth.UserName = "Yoganand";
  customAuth.Password = "Yoga@123";

 svc.myTestSvcAuthentication = customAuth;

 Console.WriteLine(svc.DoSomething());

For your ref: http://msdn.microsoft.com/en-us/library/8728chd5(v=vs.80).aspx[^]

hope it will help you.. :)
Happy Coding

Web service with password protection

2 solutions

Solution 1

Solution 2

Add your solution here

Preview 0