I am working with Flex, Webservices and C# and I would like to secure the access on my web services through SOAP.
I spent 2 days on this problem:
My asmx file where i describe my webmethod:
public ServiceAuthHeader CustomSoapHeader = new ServiceAuthHeader();
[SoapHeader("CustomSoapHeader")]
[WebMethod(Description = "Return Somme")]
public int getTotal(int x, int y)
{
ServiceAuthHeaderValidation.Validate(CustomSoapHeader);
var total = x+y;
return total;
}
public class ServiceAuthHeader : SoapHeader
{
// SoapHeader for authentication
public string Username;
public string Password;
}
Then I wrote a class to check if the content of SOAP Header is good.
public class ServiceAuthHeaderValidation
{
[SoapHeader("soapHeader")]
[WebMethod(Description = "Check Header")]
public ServiceAuthHeader Validate(ServiceAuthHeader soapHeader)
{
if (soapHeader == null)
{
throw new NullReferenceException("No soap header was specified.");
}
if (soapHeader.Username ==null)
{
Console.WriteLine(soapHeader.Username);
throw new NullReferenceException("Username was not supplied for authentication in SoapHeader!");
}
if (soapHeader.Password == null)
{
throw new NullReferenceException("Password was not supplied for authentication in SoapHeader.");
}
if (soapHeader.Username != "JOE") || soapHeader.Password != "JOE")
{
throw new Exception("Please pass the proper username and password for this service.");
}
return true;
}
}
So far I think I'm right.
But while i want to implement it in Flex:
var q1:QName=new QName("http://localhost:59399/Service1.asmx?wsdl", "Header1");
header1=new SOAPHeader(q1, {String:"JOE",String JOE});
_serviceControl.addHeader(header1);
I get a NullReferenceException on my username, which seems to be not supply.
My Webservice works, except when I try to implement:
ServiceAuthHeaderValidation.Validate(CustomSoapHeader);
Could someone reply me in order to know what is missing ? or my mistake..
THank you for your time.
So far StackoverFlow helped me a lot by reading different answers but today I stay stuck on it. If someone can help.
I just use a custom XML:
public function addUserCredentials(username:String, passwordHash:String):ISoapInvocation
{
var headerDetails:XML =
<Security xmlns={wsse}>
<UsernameToken>
<Username>{username}</Username>
<Password>{passwordHash}</Password>
</UsernameToken>
</Security>;
securityHeader = new SOAPHeader(securityQName, headerDetails);
return this;
}
Keep in mind that using {} inside an E4X definition looks like a binding that updates, it's not.
Thanks a lot, Sophistifunk
I finally added in my generated AS sub class.
var header1:SOAPHeader;
var q1:QName = new QName("http://localhost:80/", "Header");
header1 = new SOAPHeader(q1, {});
var a:XML = <AuthHeader xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://localhost:80/">
<UserLogin>Joe</UserLogin>
<mdp>test</mdp>
</AuthHeader>
header1.content = a;
_serviceControl.addHeader(header1);
But when we implement a new WebService in Flex 4 through its IDE, everything is generated in AS.
But The way to manage the header sucks really.
That should take in charge automatically the security Header.. I mean create a function setLogin or setpassword bindable from or mxml application.
Anyway.
If someone know a way to take in charge the Header of SOAP through a better way.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.