I finally got around to play a little with the SoapHeader class this morning. The SoapHeader class actually represents the SoapHeader block within the Envelope (doh). You can place custom data in this block which will be available to intermediaries as well as the ultimate destination of the message. A Quick example to illustrate the use of the SoapHeader class.
public class BusinessLayer : System.Web.Services.WebService
{
public class SecurityCheck : SoapHeader
{
public string UserName;
public string Password;
public string publickey;
}
public SecurityCheck Security = new SecurityCheck();
......
[WebMethod]
[SoapHeader("Security")]
public void DoBusiness()
{
if (Security.publickey != "0xBABE")
throw new System.Security.SecurityException("Stupid intruder");
.......
}
}
We create a nested class in our webservice which is derived from the SoapHeader class. The class is placed within the webservice for ease of use. We create a public variable/instance of the SecurityCheck class.
The SoapHeader attribute is placed on the webmethod. When the method is called by the client, reflection is used here to locate the Security variable (which is why it must be public), when the variable is found, the values are filled with the values provided by the client. This means that at runtime you can check the SoapHeader (in our case the SecurityCheck class) for values that makes sense to your application.
The SoapHeader attribute is mandatory e.g. it must be filled out by the client, thereby enforcing what ever logic you put into this soapheader, in our case a complicated security check is performed :)
take a look at the Soap Request produced by this example:
POST /SoapTest/Service1.asmx HTTP/1.1
Host: localhost
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "http://tempuri.org/DoBusiness"
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<SecurityCheck xmlns="http://tempuri.org/">
<UserName>string</UserName>
<Password>string</Password>
<publickey>string</publickey>
</SecurityCheck>
</soap:Header>
<soap:Body>
<DoBusiness xmlns="http://tempuri.org/" />
</soap:Body>
</soap:Envelope>
now when a client calls the webservice it would look like this:
WebServiceProxy.BusinessLayer biz = new WebServiceProxy.BusinessLayer();
WebServiceProxy.SecurityCheck chk = new WebServiceProxy.SecurityCheck();
chk.UserName = "Bush";
chk.Password = "fourmoreyears";
chk.publickey = "0xBABE";
biz.Security = chk; //pass on the SoapHeader information
biz.DoBusiness();
I am crazy about this programming model :). Validating business rules, enforcing custom security checks, you name it! SoapHeader is your friend here.
"There is no terror in a bang, only in the anticipation of it."
--Alfred Hitchcock
2:37:31 PM 
|
