This documentation is archived and is not being maintained.

How to: Perform Custom Authentication Using SOAP Headers

This topic is specific to a legacy technology. XML Web services and XML Web service clients should now be created using Windows Communication Foundation .

The following custom solution is built using ASP.NET to provide an authentication mechanism using SOAP headers. The solution involves a custom IHttpModule on the Web server that executes the following steps:

  1. The HTTP Module parses HTTP messages to check whether they are SOAP messages.

  2. If the HTTP Module detects a SOAP message, it reads the SOAP headers.

  3. If the SOAP message has the SOAP header with authentication credentials, HTTP Module raises a custom global.asax event.

In the sample provided, the HTTP Module authenticates the user and sets Context properties that a Web service can use to decide whether the client is authorized access to the Web service.

9z52by6a.note(en-us,VS.100).gifNote:
In this sample, the text is sent over the network in clearly readable text (it is not encrypted). If clear text is not secure enough for your application, add an encryption algorithm.

Example

The following code example is an HTTP Module that parses HTTP messages for SOAP requests. If the HTTP message is a SOAP message, the custom WebServiceAuthenticationEvent is raised.

No code example is currently available or this language may not be supported.

The following code example is the custom authentication event that is raised by the HTTP Module, if a SOAP request is received.

No code example is currently available or this language may not be supported.

The following code example is the delegate for the custom WebServiceAuthenticationEvent event.

No code example is currently available or this language may not be supported.

The following code example is a Web service that defines the Authentication SOAP header that a client must pass. The Web service does not have to do the authentication. Rather, it can inspect the User.Identity.IsAuthenticated property to determine if the HTTP Module has authenticated the user.

No code example is currently available or this language may not be supported.

The following code example is a Web service client that passes the necessary credentials for a custom SOAP header authentication mechanism within an Authentication SOAP header.

No code example is currently available or this language may not be supported.

See Also

Show: