I dont know whethet i would be able to explain properly but i have tried my
best.
First you need to create one webmethod called "LogOnToServer".This method
will take 4 parameters:
[1] username(string datatype)
[2]UserKey(which will be sessionId)
[3] errorcode(reference parameter)
[4] errormessage(reference parameter)
In this method you can write the logic to validate user credentials.That is
you need to maintain
one hashtable object.When for first tme end users calls this method then you
need to insert
UserName and userkey into that Hashtable.Userkey will be sessionId.For
sessionid to work you need
to write attribute EnableSession="true" in this webmethod.Now assign this
seesionid to reference
parameter userkey of this webmethod.Now all the other webmethods will have 4
extra
parameters(that is username,Userkey,errorcode and errormessage).When the end
user calls this
sensitive webmethod you can check in the previous hashtable whether for
particular
username,userkey(that is sessionid) is valid.If it is not valid then you can
return appropriate
errorcode/errormesage.Instead of hashtable you can do same thing through
database also.In this
way you can authenticate users.If you want further to increase security then
you can also
implement message level security.That is every soap messages that are sent
to and fro to web
services can be encrypted using Tripe DES.For this you will find following
link useful:
http://www.c-sharpcorner.com/UploadF...Service1116200
5021034AM/SOAPHeaderandSOAPExtensionsinaWebService.aspx
Hope this hepls you out.If you still have doubts then please let me know.
Thanks and regards,
Manish Bafna.
MCP and MCTS.
"Morten71" wrote:
I'm fairly new to web services in .net/vs.
I'm wondering about a few ws things:
- should I create a new ws project for every ws?
- how do I best ensure that only selected consumers can use a ws?
- how do I best pass back receipts to the ws consumer?
Have googled the above, but with little success.
Hope someone can kick start me/point to a authoritative resource.
Morten