Thursday, 30 July 2015

How to create a secure webservice in

A web service is a way for 2 machines to communicate over HTTP; those 2 machines can be on different platforms.
See more about web service at this url :

As you know, a web service communicates over HTTP, so the main concern here is security.
What are the possible ways to make a web service secure?

Below are a few authentication options that are available to a web service in ASP.NET:

  1. Windows Basic
  2. Windows Basic Over SSL
  3. Windows Client Certificates
  4. Custom SOAP Headers
In this blog I will explain how we can secure a web service using a Custom SOAP Header.

A SOAP web service includes the following items:
SOAP Envelope, SOAP Header, SOAP Body, SOAP Fault

Let's implement a Custom SOAP Header with an example.

Create a Web Project in Visual Studio and add a web service to your project.

Write the below code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Script.Serialization;
using System.Web.Script.Services;
using System.Web.Services;
using System.Web.Services.Protocols;

/// <summary>
/// Summary description for TestService
/// </summary>
[WebService(Namespace = "")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
// To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line. 
// [System.Web.Script.Services.ScriptService]
public class TestService : System.Web.Services.WebService {

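    public TestService () {

        //Uncomment the following line if using designed components 
        //InitializeComponent(); 
    }

    // Filled in by ASP.NET from the AuthHeader element of the incoming SOAP header
    public AuthHeader Authentication;

    [WebMethod]
    [SoapHeader("Authentication")]
    [ScriptMethod (ResponseFormat = ResponseFormat.Xml)]
    public string GetMessage(string name)
    {
        // Authentication is null when the caller sends no AuthHeader at all
        if (Authentication != null && Authentication.Username == "myid" && Authentication.Password == "mypwd")
        {
            string msg = string.Format("Hello {0}", name);
            return msg;
        }
        else
        {
            return "User Authentication Fail";
        }
    }
}

// Custom SOAP header that carries the caller's credentials
public class AuthHeader : SoapHeader
{
    public string Username;
    public string Password;
}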

Now create a client to consume the web service.
I have created a console application to consume it.

static void Main(string[] args)
{
    WebServiceReference1.TestServiceSoapClient webservice = new WebServiceReference1.TestServiceSoapClient();
    WebServiceReference1.AuthHeader authentication = new WebServiceReference1.AuthHeader();

    // Credentials sent in the custom SOAP header
    authentication.Username = "myid";
    authentication.Password = "mypwd";

    // The generated proxy takes the header as its first argument
    string msg = webservice.GetMessage(authentication, "SharePoint Cafe User");
    Console.WriteLine(msg);
}


In the above example I have used a dummy username and password; a good way to implement this is to check the username and password against a data source such as SQL or XML.
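One way to do that check, shown as an added example that is not part of the original post: the credential is stored as a salted PBKDF2 hash rather than a literal, and the comparison does not stop at the first mismatching byte. The names `CredentialStore` and `Record`, the iteration count, and the in-memory dictionary standing in for the SQL or XML source are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical helper (not from the original post): verifies AuthHeader
// credentials against stored salted PBKDF2 hashes instead of literals.
public static class CredentialStore
{
    private const int Iterations = 100000;   // assumed work factor
    private const int HashBytes = 32;

    private sealed class Record { public byte[] Salt; public byte[] Hash; }

    // Constructed sample data; in production load these rows from SQL or XML.
    private static readonly Dictionary<string, Record> Users =
        new Dictionary<string, Record>(StringComparer.Ordinal);

    // Used for unknown users so both paths cost one PBKDF2 run.
    private static readonly Record Dummy = Create("not-a-real-password");

    static CredentialStore() { Users["myid"] = Create("mypwd"); }

    private static Record Create(string password)
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return new Record { Salt = salt, Hash = Derive(password, salt) };
    }

    private static byte[] Derive(string password, byte[] salt)
    {
        // This constructor overload needs .NET Framework 4.7.2 or later.
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    public static bool Verify(string username, string password)
    {
        Record rec;
        bool known = Users.TryGetValue(username ?? "", out rec);
        if (!known) rec = Dummy;
        byte[] actual = Derive(password ?? "", rec.Salt);

        // Compare every byte so timing does not reveal the first mismatch.
        int diff = 0;
        for (int i = 0; i < HashBytes; i++) diff |= actual[i] ^ rec.Hash[i];
        return known && diff == 0;
    }
}
```

In `GetMessage`, the literal comparison would become `Authentication != null && CredentialStore.Verify(Authentication.Username, Authentication.Password)`. The SOAP header still carries the password as plain text on the wire, so the service should be served over SSL.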

Also note that I have added the below attribute to the web method GetMessage()

