Using this method we simply add a required SOAP header to our web services calls.
We embed the SOAP header into our message and validate its contents on the server.
If the SOAP header validation done successfully, the web server sends the web service response to the consumer.
Pretty simple, right?
Using the code
First we had our service declaration:
Notice that the “WebServiceBinding” attribute has the “Name” argument set to “TestService”, I’ll explain this later.
Now, I write the custom SOAP header that I want to include in the SOAP message.
To do this I’ll create a class inherited from “System.Web.Services.Protocols.SoapHeader” , and I’ll but the required properties in it.
Let’s add instance from that header in our service
Note that the visual studio will create a property in web service proxy called “UserCredentialsValue” which will map the “consumer” public property in the web service.
Now we had to write a “Web Method” that uses that header in messaging.
Note that I have added the “Binding” value to that I had used in declaring my service.
Also I declared the SOAP header that method will require when called, as long as declaring it with required.
Now, the only thing is remaining is to call the service with the SOAP header:
We just get reference to the service and the SOAP header, assign the SOAP header properties, attach it with the SOAP message and then make our call to the web method.
This is the console result after calling the service with username = “Ahmed” and password = “1234”
This one with other data
Securing their web services is a thing that many developers ignore while they are working; they relay that on that is a difficult and nasty task.
In the fact securing web service is all about understand the messaging layer and the protocols, you just need to go a little more deep and then you will find it is a very simple task.
I hope that helped