How to determine web service consumers

"Bob" <Bo*@discussions.microsoft.comwrote in message
news:45**********************************@microsof t.com...

>I have a 1.1 framework VB.NET web service that is being called my multiple
clients. How can I determine the name of the client app that is calling
the
web service at runtime from the web method?

In general, you can't. Have the "client app" send its name to the service.

What do you need this for? Do you need it to be secure?
--
John Saunders [MVP]

Ok. It's secure - If the web service would tell me, I wouldn't need to go
modify the 6 or so apps that are calling it.

Thank you John.

"John Saunders [MVP]" wrote:

"Bob" <Bo*@discussions.microsoft.comwrote in message
news:45**********************************@microsof t.com...

I have a 1.1 framework VB.NET web service that is being called my multiple
clients. How can I determine the name of the client app that is calling
the
web service at runtime from the web method?

In general, you can't. Have the "client app" send its name to the service.

What do you need this for? Do you need it to be secure?
--
John Saunders [MVP]

"Bob" <Bo*@discussions.microsoft.comwrote in message
news:D0**********************************@microsof t.com...

Ok. It's secure - If the web service would tell me, I wouldn't need to go
modify the 6 or so apps that are calling it.

I asked if it needs to be secure so I would know how bad it would be if a
calling application pretended to be some other calling application.

At any rate, in general, the recipient of a TCP/IP message doesn't know
_who_ called it. It only knows the sending IP address and port. HTTP doesn't
add any automatic determination of client identity to TCP/IP, so there is
none - at least not automatically. There are several methods you could use
to cause the clients to identify themselves, but none are automatic.

One method would be for the client to pass a certificate to the server. The
server could validate the certificate and then know with some certainty who
was calling.

Another method would be for the client to send a username and password, and
it would be known, with somewhat less certainty, who was calling.
--
John Saunders [MVP]

I didn't think of the certificate - I'll give that a try. I did get a soap
header to work, but that still makes me update the clients and the web
service. The soap header does make it somewhat easier in that I don't have
to change signatures on the webmethods to pass the userid/pw or the appname
as a function parameter. I haven't tested performance on using the soap
header which is a factor because these services can get hit pretty hard.

Thanks for your answers.

"John Saunders [MVP]" wrote:

"Bob" <Bo*@discussions.microsoft.comwrote in message
news:D0**********************************@microsof t.com...

Ok. It's secure - If the web service would tell me, I wouldn't need to go
modify the 6 or so apps that are calling it.

I asked if it needs to be secure so I would know how bad it would be if a
calling application pretended to be some other calling application.

At any rate, in general, the recipient of a TCP/IP message doesn't know
_who_ called it. It only knows the sending IP address and port. HTTP doesn't
add any automatic determination of client identity to TCP/IP, so there is
none - at least not automatically. There are several methods you could use
to cause the clients to identify themselves, but none are automatic.

One method would be for the client to pass a certificate to the server. The
server could validate the certificate and then know with some certainty who
was calling.

Another method would be for the client to send a username and password, and
it would be known, with somewhat less certainty, who was calling.
--
John Saunders [MVP]