Web Service Authentication Via SOAP Headers


While working with web services one of the commonly faced question is - How do I secure my web service? One aspect of security is preventing anonymous access to the web service. This can be done in various ways such as passing user id and password with each web method call. One elegant alternative is to use SOAP headers to pass this authentication information. This code sample shows how to use SOAP headers to pass authentication information to the web service.

About SOAP Headers

Every SOAP message consists of SOAP body and optional header. SOAP header serve similar purpose as familiar HTTP headers such as passing some information. Note that SOAP headers are passed as plain text over the network. This means that if you need strong security measures you may not like to use them without some kind of encryption.

About Sample Source Code

A ZIP file is provided with this article for download. The ZIP contains two VS.NET projects - web service and web service client. The client passes user information such as User ID and Password in the SOAP headers to the web service. The web service then authenticates the user and sends back response accordingly.

Bipin Joshi is an independent software consultant, trainer, author, and meditation teacher. He has been programming, meditating, and teaching for 25+ years. He conducts instructor-led online training courses in ASP.NET family of technologies for individuals and small groups. He is a published author and has authored or co-authored books for Apress and Wrox press. Having embraced the Yoga way of life he also teaches Ajapa Yoga to interested individuals. To know more about him click here.

Get connected : Facebook  Twitter  LinkedIn  YouTube

Posted On : 22 November 2002

Tags : ASP.NET Web Services Security Configuration XML