Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Articles
Search: 

Basic Web Service authentication model
Michel Fournier, January 1, 2006
There are various ways to authenticate a user to a Web Service. This article discusses one way to do it by the use of Cookies. As it could the case with a Web page sending a cookie to the browser, the same can be used from within a Web Service.
Summary
There are various ways to authenticate a user to a Web Service. This article discusses one way to do it by the use of Cookies. As it could the case with a Web page sending a cookie to the browser, the same can be used from within a Web Service.
Description

There are various ways to authenticate a user to a Web Service. This article discusses one way to do it by the use of Cookies. As it could the case with a Web page sending a cookie to the browser, the same can be used from within a Web Service. This article assumes that you already have a Web Service project defined in the Visual Studio 2005 environment.

The goal here is to authenticate the user once so he can gain access to all the methods available in the Web Service. I have seen Web Services where the authentication scheme is sent at every method call. While this approach can be used to avoid establishing the structure of the authentication model at the client side, it does require the user to deal with this authentication scheme at every method call. I prefer to have it done once, by the use of a Login() method, such as we do for a Web site, so the authentication scheme is done automatically for all the other methods.

Login method

Let's define our first method in the Web Service. We will call it Login(). This method accepts two parameters. The first parameter is for the username and the second one for the password. This method returns a boolean, thus for the success of the operation, which is true or false. For now, we simply return true for our first step. Notice that I have named the class UniversalThread. This is what we will use as the class name for the purpose of this article.

Imports System.Web
Imports System.Web.Services
Imports System.Web.Services.Protocols

<WebService(Namespace:="http://www.universalthread.com/WebService/")> _
<WebServiceBinding(ConformsTo:=WsiProfiles.BasicProfile1_1)> _
<Global.Microsoft.VisualBasic.CompilerServices.DesignerGenerated()> _
Public Class UniversalThread
    Inherits System.Web.Services.WebService

    ' Do the login for the specific user
    <WebMethod()> _
        Public Function Login(ByVal tcUsername As String, ByVal tcPassword As String) _
         As Boolean
        Dim llSuccess As Boolean
        Return llSuccess
    End Function

End Class

Client side Web Service setup

From the client side, to test our Web Service, we simply add a button and put all the required code in it. For this purpose, we create a new Windows application. In the form, we simply drop a button control in it.

Next, we need to add a reference to this Web Service in our application. To do this, simply right click on the project and select Add Web Reference.

From the Add Web Reference dialog, we need to add the reference. For our test purposes, we are selecting the Web Service from our local PC, thus by the use of localhost.

When entering the proper URL, the Web Service definition should appear, thus, in our case, we simply have one method. To complete this operation, click on Add Reference. In Solution Explorer, you should now see a new item Web References with the reference under it. For the purpose of this article, we will name the reference to WebService. This is the reference we will use in the code to access our methods.

First test

To test the functionality of the Web Service, in the click event of the button, we will the code to define a Web Service object and do a simple call to the Login() method. Note that the Web Service simply returns the value of llSuccess for now, which has a default value of false. Thus, by executing this form, and by clicking on the button, we should obtain a messagebox with the text false in it.

Public Class Form1

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) _
     Handles Button1.Click
        Dim loWebService As WebService.UniversalThread = New WebService.UniversalThread
        Dim llSuccess As Boolean
        llSuccess = loWebService.Login("Username", "Password")
        MessageBox.Show(llSuccess)
    End Sub

End Class

Establishing the authentication

Back to our Web Service definition, the fun part is when we authenticate the user as to know if he is authorized to access the Web Service and do whatever is necessary to keep this authentication valid across the calls of all the other methods. We will adjust our Login() method to verify that the username and password are valid. We will simply verify that the username received as the first parameter is equal to "Username" and that the password received, the second parameter, is equal to "Password". If that is valid, we will create a cookie named Session with the value "01234567".

Public Function Login(ByVal tcUsername As String, ByVal tcPassword As String) As Boolean
    Dim llSuccess As Boolean

    ' See if this user has provided the proper username and password
    If tcUsername = "Username" And tcPassword = "Password" Then
        llSuccess = True
    End If

    ' If llSuccess is True then we can create the cookie
    If llSuccess Then
        System.Web.HttpContext.Current.Response.Cookies("Session").Value = "012345678"
    End If

    Return llSuccess
End Function
At this point, it is not needed to adjust anything on the client side to test this adjustment. From the client side, the only way to be sure the authentication is well established is to call another method of the Web Service which will only work if the authentication works. So, we will create another method named GetTime() to simply return the time of the server. As it will be the case of all other methods, before executing the code of the method, we will verify the authentication first. This will be done by calling the CheckLogin() function. If it fails, we will throw an error with the proper message. Otherwise, the authentication is valid and we can proceed by returning the proper content in regards to the method called. Note that the CheckLogin() method is storing the Session cookie value into lcSession, if it exists, for future development.
' Return the time of the server
<WebMethod()> _
Public Function GetTime() As String
    CheckLogin()
    Return System.DateTime.Now()
End Function

' Check for the login
Public Function CheckLogin() As Boolean
    Dim llSuccess As Boolean
    Dim loCookie As System.Web.HttpCookie
    Dim lcSession As String
    Dim lcError As String
    loCookie = System.Web.HttpContext.Current.Request.Cookies("Session")
    lcError = ""
    If Not loCookie Is Nothing Then
        lcSession = loCookie.Value.ToString()
        llSuccess = True
    Else
        lcError = "You have to login in order to use the Web Service."
        llSuccess = False
    End If
    If llSuccess = False Then
        Throw New System.Exception(lcError)
    End If
End Function

Final setup on the client side

As everything has been done on the server side, we can now adjust our client side code to benefit of this authentication and proceed with the call of another method. We will adjust the code of the click event of the button to be a little bit more detailed. It will make sure the authentication is properly established. If not, it will display a messagebox with the related text and stop the execution of the code. When the authentication is properly established, the execution of the code will continue and call the GetTime() method.

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) _
     Handles Button1.Click
        Dim loWebService As WebService.UniversalThread = New WebService.UniversalThread
        Dim llSuccess As Boolean
        Dim lcTime As String
        llSuccess = loWebService.Login("Username", "Password")
        If llSuccess = False Then
            MessageBox.Show("The authentication is not valid.")
            Exit Sub
        End If
        lcTime = loWebService.GetTime()
        MessageBox.Show(lcTime)
    End Sub
As this point, executing this code, should give you the following:

This is normal as in order for the client side to establish the proper setup, when the authentication succeeds, we need to add one more thing. By default, the Visual Studio environment will not setup the cookie. We have to turn this option ON. This can be done by doing one simple adjustment in our code.

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) _
 Handles Button1.Click
    Dim loWebService As WebService.UniversalThread = New WebService.UniversalThread
    Dim llSuccess As Boolean
    Dim lcTime As String
    loWebService.CookieContainer = New System.Net.CookieContainer
    llSuccess = loWebService.Login("Username", "Password")
    If llSuccess = False Then
        MessageBox.Show("The authentication is not valid.")
        Exit Sub
    End If
    lcTime = loWebService.GetTime()
    MessageBox.Show(lcTime)
End Sub
Basically, we have to tell the Web Service object to assign a new cookie container so the received cookie can be stored. Once that done, executing this code will show the server time.

This article was providing a simple authentication model which can be used. In a more advanced article, the proper username and password should be passed, the Web Service code should apply those username and password values against a database validation and so on. But, it should provide you a good overview of a simple authentication model to start with.

Source code

Michel Fournier, Level Extreme Inc.
Michel Fournier is a professional, visionary, perfectionist, mostly known for his renowned realizations over the years, designer, architect, owner of the « Level Extreme Platform », formerly known as the « Universal Thread », recognized as one of the longest running Web sites of the planet, also known as a precursor to social networking, product manager, Internet serial entrepreneur, practiced Lean Startup techniques long before they were known, out of the box thinker, using the tenth man rule, specializes in building entire virtual data center solutions, has provided high end IT consulting worldwide, has owned and operated three companies, delivered worldwide renowned e-commerce Web sites, designed and architected two world class top level development frameworks, wrote over 100 IT articles for various sources, presented at user groups, conventions and corporations nationwide as well as in the US, has provided his contribution in political and legal issues to provide a better world, Owner and Senior IT Consultant at Level Extreme Inc., former Architect Software/Application & Project Manager, 7 times Microsoft Most Valued Professional for VB.NET, 7 times Microsoft Most Valued Professional for Visual FoxPro, Developers Choice award for best site at VFP DevCon 2000 Connections in New Orleans, featured in Acadie Nouvelle on October 2003.
More articles from this author
Michel Fournier, February 1, 2007
From the Level Extreme .NET Framework, this small class allows a developer to manipulate easily the content of a directory by the use of a dataset. With the setup of a few properties, a call to the method and the access to the object dataset, you can have access to the file properties of the directo...
Michel Fournier, August 1, 2001
It is interesting to see how something new can evolve. This is the case for the Universal Thread Magazine. We are now at our 3rd issue and we are already overbooked by scheduled articles and hot stuff we have to cover for the upcoming issues. Publishers are sending request for book reviews, wri...
Michel Fournier, October 1, 2002
UTMag/RapoZine team Editors Michel Fournier Claudio Lassala Co-editor Martín Salías Translation coordinators Claudio Lassala Martín Salías Translators Eduardo Vidigal Rodolfo Duarte Fábio Vazquez José Cavalcanti Moacyr Zalcman Fábio Vieira M...
Michel Fournier, May 1, 2006
In this article, Michel Fournier is providing a small introduction to manipulating XML data from VB.NET. The use of XML is now widely used for various purposes such as exchanging data between application, platforms and other environments. XML is a simple and very flexibile text format that can be ma...
Michel Fournier, October 1, 2001
In our daily things we do, sometimes we find ourselves in unexpected situations. Such situations, either in our personal life or from our professional work, require some adjustments in order to walk through them. The ability to take some time to take an overall look of what is happening, apply a bas...
Michel Fournier, March 1, 2007
In this small article, Michel discusses a problem he recently encountered when converting a dataset into XML to be used later on with a XSL transformation to export into an Excel sheet. When null values were present in the dataset, this was creating weird result. This article provides a quite alte...
Michel Fournier, February 1, 2006
This article discusses a simple banner fonctionalities function which can ease the display of banners on Web sites. If your Web site displays banners in GIF, JPG of Flash format, this function could be useful to you.
Michel Fournier, February 1, 2006
This article is a follow up on the first part of this article which appeared on our January 2006 issue. In this one, Michel discussed further implementation of getting the authentication from a members table as well as setting up a session per user.
Michel Fournier, December 1, 2003
Visual FoxPro and .NET are two great environments to build business applications with. But, fantastic they are when you combine them together in order to increase the strenght of the flexibility to respond to your client needs. In this article, I will demonstrate a case study in regards to a new ser...
Michel Fournier, December 1, 2002
Over the years, I have been involved in several types of desktop and Web applications. Every time you start a new project, there is always something new you will learn. In this article, I would like to detail some of the issues which are to be considered when delivering a Web based application. Thos...
Michel Fournier, January 1, 2003
This article is a follow-up with more advanced details in regards to the first article of this series in our December issue which included a tip on dealing with stylesheets. This one allows you to customize your HTML code based on the user, assuming each user has some ways to setup some specific sty...
Michel Fournier, March 1, 2003
The first two articles of this series have been published in the issues of December 2002 and January 2003. In this one, I will talk about graphic issues, how to negotiate with a form to launch his transaction to either within the same window or a new one, how to gather values from one page to anothe...
Michel Fournier, April 1, 2003
In this article, I will proceed with considerations about HTTP server variables being received from a browser and about considerations for opening new windows in your Web application. Relying on the protocol or not When it first started, we didn't ask that question to ourselves as to know ...
Michel Fournier, April 1, 2009
This articles describes the use of CDO.Message to gain the ability to retrieve a URL as a MHT file. It also covers an interesting approach to retrieve a URL even if this one requires a login.
Michel Fournier, January 1, 2006
Data dictionaries has its use and also for Web applications. I see many developers building Web applications who forget about many structured that used to be in place when developping desktop applications. The same should apply for Web applications as it is no different. This article discusses some ...
Michel Fournier, June 1, 2003
DevTeach was held in Montreal from May 10-13, 2003. It presented a new breed of conference. Sessions included both presentation material and, whenever possible, hands-on training. DevTeach brought under the same roof the best speakers available for .NET, SQL Server and Visual FoxPro as well as Micro...
Michel Fournier, May 1, 2002
The Essential Fox conference was held this weekend in Independence, MO. Once again, the Universal Thread team was on site to do the official coverage of the event. It has been a great success, well planned by Russ Swall, the event owner, and his team and well appreciated by the attendees. A total of...
Michel Fournier, April 1, 2002
UTMag/RapoZine team Editors Michel Fournier Claudio Lassala Translation coordinators Claudio Lassala Martín Salías Translators Eduardo Vidigal Rodolfo Duarte Fábio Vazquez Claudio Rola José Cavalcanti Moacyr Zalcman Ricardo Soares Fábio Vieira ...
Michel Fournier, September 1, 2001
Ever wonder how to successfully and rapidly display HTML lists to your users? Well, we all probably already did. However, its implementation differs a lot from sites to sites as we all have our own different approaches. Delivering Visual FoxPro data to the Web as if you would be in Visual FoxPro is ...
Michel Fournier, November 1, 2001
A lot of things happened recently in the Visual FoxPro world and for related technologies. The Great Lakes Great Database Workshop was being held in Milwaukee from Sunday October 27 to Wednesday October 31. That conference which primaly focused on Visual FoxPro has covered a lot of technologies...
Michel Fournier, December 1, 2002
UTMag/RapoZine team Editors Michel Fournier Claudio Lassala Co-editor Martín Salías Translation coordinators Claudio Lassala Martín Salías Translators Eduardo Vidigal Rodolfo Duarte Fábio Vazquez José Cavalcanti Moacyr Zalcman Fábio Vieira M...
Michel Fournier, November 1, 2002
UTMag/RapoZine team Editors Michel Fournier Claudio Lassala Co-editor Martín Salías Translation coordinators Claudio Lassala Martín Salías Translators Eduardo Vidigal Rodolfo Duarte Fábio Vazquez José Cavalcanti Moacyr Zalcman Fábio Vieira M...
Michel Fournier, January 1, 2003
UTMag/RapoZine team Editors Michel Fournier Claudio Lassala Co-editor Martín Salías Translation coordinators Claudio Lassala Martín Salías Translators Rodolfo Duarte Fábio Vazquez Moacyr Zalcman Martín Salías Antonio Castaño Fabián Belo Rafae...
Michel Fournier, November 1, 2001
I have been following several threads on the Universal Thread recently about FTP from Visual FoxPro. I have used an ActiveX for a while to do such a task. I have found that years after years, the problem is that you have to maintain that ActiveX for your own workstation and for every servers or work...
Michel Fournier, July 1, 2002
UTMag/RapoZine team Editors Michel Fournier Claudio Lassala Co-editor Martín Salías Translation coordinators Claudio Lassala Martín Salías Translators Eduardo Vidigal Rodolfo Duarte Fábio Vazquez José Cavalcanti Moacyr Zalcman Fábio Vieira M...
Michel Fournier, January 1, 2006
With the beginning of the new year, Michel resumes some of the highlights of the Universal Thread and what is coming up for the new season.
Michel Fournier, March 1, 2006
When comes time to display the content of a memo field on a Web page, one common task we have to do is to hyperlink specific content. This article discusses about a technique which can be used to hyperlink various types of links as well as email addresses.
Michel Fournier, April 1, 2009
This article describes some basic techniques to manipulate some images in .NET. It covers image resizing, image cropping and the ability to save an image into a JPG high resolution format.
Michel Fournier, May 1, 2007
This short articles provides an approach of important data from an Excel sheet into your application without having the requirement of having Excel installed on the server.
Michel Fournier, August 1, 2002
UTMag/RapoZine team Editors Michel Fournier Claudio Lassala Co-editor Martín Salías Translation coordinators Claudio Lassala Martín Salías Translators Eduardo Vidigal Rodolfo Duarte Fábio Vazquez José Cavalcanti Moacyr Zalcman Fábio Vieira M...
Michel Fournier, July 1, 2001
Recently, I was having problems while working on several projects on my PC. The problems were happening when I had several applications open at the same time. When the problem occured, I had to reboot my PC and then was able to work for a few hours up to a few days until the next reboot. As I was wo...
Michel Fournier, June 1, 2002
UTMag/RapoZine team Editors Michel Fournier Claudio Lassala Co-editor Martín Salías Translation coordinators Claudio Lassala Martín Salías Translators Eduardo Vidigal Rodolfo Duarte Fábio Vazquez José Cavalcanti Moacyr Zalcman Fábio Vieira M...
Michel Fournier, September 1, 2002
UTMag/RapoZine team Editors Michel Fournier Claudio Lassala Co-editor Martín Salías Translation coordinators Claudio Lassala Martín Salías Translators Eduardo Vidigal Rodolfo Duarte Fábio Vazquez José Cavalcanti Moacyr Zalcman Fábio Vieira M...
Michel Fournier, January 1, 2001
Xitech (Europe) produces tools for the Windows software developer. They specialize in FoxPro Developer tools, data and code recovery and security. In this article, we will see an overview of 5 of their tools. You will find more details about each of them from Xitech documentation. To get Xitech cont...
Michel Fournier, April 1, 2006
This article discusses the ability to use Visual FoxPro to schedule a list of tasks to be executed at specific intervals. While there could be the approach of using the Windows Scheduler to execute those tasks, it is always interesting to be able to control everything from within VFP. A small VFP sc...
Michel Fournier, April 1, 2006
This article describes an overview of sending an email from VB.NET. It covers the basis of creating the email functionality in a class and using an instance of that class to define and send the email. The class includes the ability to send to multiple recipients as well as sending attachments. Sendi...
Michel Fournier, July 1, 2002
This is a follow up on my previous article on using SOAP protocol for authentication that appeared in our December 2001 issue. That article was mentioning the use of the SOAP header for authentication such as being able to identify the user for any upcoming hit to your Web Service as soon as the Log...
Michel Fournier, May 1, 2002
UTMag/RapoZine team Editors Michel Fournier Claudio Lassala Translation coordinators Claudio Lassala Martín Salías Translators Eduardo Vidigal Rodolfo Duarte Fábio Vazquez José Cavalcanti Moacyr Zalcman Fábio Vieira Martín Salías Antonio Castañ...
Michel Fournier, July 1, 2002
From recent discussions I had, with several persons from my team, about common patterns which occur in the evolution of the Universal Thread, I thought it would be nice to write an article about it. Basically, within the evolution of a product, there are some similitudes which are sometimes interest...
Michel Fournier, June 1, 2001
Welcome to our first issue of the Universal Thread Magazine. We kept receiving many requests to have such a media available on the Universal Thread, so we decided to release our first issue this month. Many people have mentioned an interest to either have such a magazine for the pleasure to read abo...
Michel Fournier, December 1, 2001
The Visual FoxPro Zone evolves As many of you may have seen, the Universal Thread Visual FoxPro Zone is evolving quite fast. In the last month, we added new content in it. As usual, the most popular option is the Toledo Wish List. Several entries are created every day. This is the place to co...
Michel Fournier, January 1, 2002
It's January 3rd, 2002, I am writing this editorial at 20h32 EST. The Christmas break is over but was it really a break? More and more, years after years, I keep seeing a lot of persons online during Christmas day or a few minutes before the new year. And, I mean, they are online as per their own ti...
Michel Fournier, January 1, 2004
In December 1993, a great history started when a small Web site known as the Visual FoxPro Yellow Pages started. Basically, a site providing ads for Visual FoxPro developers such as jobs and consulting services. Known also as the first Visual FoxPro site, it has evolved quite fast during the first t...
Michel Fournier, January 1, 2006
In the recent months, I have been involved in settings various projects at client sites, as well as for Level Extreme Web sites, which involved the support of uploading image files from an Internet browser. The process of supporting that capability in your application, either from a desktop of from ...
Michel Fournier, December 1, 2001
The Microsoft SOAP client provides access to any Web Service. Once the object is instantiated and the location of the WSDL file given, you are ready to go to access any method. Thus, based on what is supported by the Web Service, you can query to obtain various types of content such as string and bo...
Michel Fournier, February 1, 2002
On January 15th, 2002, an important joint took place for our magazine. The Universal Thread Magazine and RapoZine magazine, an online magazine available for the Portuguese developers community, joined to create UTMag/RapoZine. Effective from this issue, both magazines will offer the same technical c...
Michel Fournier, July 1, 2002
Show seconds in a readable format If you need to check elapsed time with seconds() or a datetime value, this function allows you to display the elapsed time in a human-readable format, that is, hours:minutes:seconds, instead of the total number of seconds. Just pass a number of seconds as...
Michel Fournier, September 1, 2002
Getting image width and height Probably the most flexible way to extract the width and height of an image is by the use of the image object. All is needed is to load the image in the object and get the values from the Width and Height properties. LOCAL loImage,lnWidth,lnHeight loIma...
Michel Fournier, August 1, 2002
Updating your DLL on IIS This has been a common question in the recent months on the Universal Thread. More and more, developers have the need to use a DLL under IIS. However, the fun part comes when you need to update it. As soon as it kicks in, you can't update your DLL anymore as it re...
Michel Fournier, November 1, 2002
Use MemLines() to wrap text lines When you need to wrap some text at a given width (say 75 characters per line), you do it easily with: SET MEMOWIDTH TO 75 lcMemo = lcNewMemo = "" _MLINE = 0 FOR i= 1 TO memlines(lcMemo) lcNewMemo = lcNewMemo ; + MLINE(lcMemo,1,_MLINE...
Michel Fournier, October 1, 2002
Extracting BMPs from general fields As a complement with last issue's article on image handling, yo can find useful this little function. If you got convinced that using general fields to handle images is a bad idea, you can decided go back to independent image files. But then you'll...
Michel Fournier, June 1, 2001
It was a year ago. The DevConnections team was holding the Visual FoxPro DevCon 2000, the SQL Server Connections and the DevCon 2000 in New Orleans, Louisiana from May 14 to 18, 2000. For the first time, attendees were able to attend sessions from more than one conference at the same time. This offe...
Michel Fournier, September 1, 2001
Is there a speed limit on the Internet? Probably not, because there is so much things we can do in a short time about delivering various type of content to the community. I remember a week ago we shared an idea about helping the promotion of user group activities around the world. A week ago it was ...
Michel Fournier, March 1, 2002
In the last month, we received dozens of emails from satisfied persons in regards for our initiative of opening the magazine and the Universal Thread in general for additional communities such as the Portuguese and Spanish communities. Regulars members of the Universal Thread, new members, Microsoft...