
Week 9

Intro to Web Services


A web service uses XML to communicate from one site to another.
A discovery process describes what should be sent and what is expected to be received.
Information can be transmitted using HTTP-GET (which uses Request.QueryString to extract the values), HTTP-POST (which uses Request.Form to extract the values), and SOAP (Simple Object Access Protocol), which passes more complex chunks of data in XML format. HTTP-GET and HTTP-POST use a name/value pair system.

Why web services? They provide for specialization of services and information. For example, you need to
know the latest stock prices. You can ask someone whose job is to maintain this information rather
than maintain it yourself.

Web services have the .asmx extension.

Xservice.asmx?wsdl will give you a description of the web service.

For example:

http://www.webservicex.com/TranslateService.asmx?WSDL

The following webservice will translate from one language to another:

http://www.mindreef.net/soapscope/wsdldemo?referer=xmethods&url=http://www.webservicex.com/TranslateService.asmx?WSDL

.Net security
Use the authentication tags in the web.config of the root folder of your site:

<configuration>
   <system.web>
      <authentication mode="Forms">
         <forms name="name" loginUrl="login.aspx" />
      </authentication>
      <authorization>
         <deny users="?"/>
      </authorization>
   </system.web>
</configuration>

Three modes: Windows, Forms, and Passport.

Windows is controlled by IIS. Right-click your site in IIS and set Basic or Integrated
authentication. Basic sends password in clear text. Integrated requires Internet Explorer.

Forms authentication allows you to specify a form for users to log in.


<deny users="?"/> means to deny all anonymous users.
Use "*" to deny all users.
Or you can have:

<authorization>
   <deny users="bob, jane"/>
   <allow users="joe, steve"/>
</authorization>
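
ASP.NET checks authorization rules from top to bottom and the first rule that matches the user decides. The following sketch is an added example, not part of the original notes: it models that evaluation for the users attribute only, assuming the inherited default of allow users="*" when nothing matches and case-insensitive, whitespace-trimmed names; "mallory" and the tightened rule set are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the bob/jane/joe/steve rules from the notes, and a tightened variant.
PAGE_RULES = """<authorization>
  <deny users="bob, jane"/>
  <allow users="joe, steve"/>
</authorization>"""

TIGHTENED_RULES = """<authorization>
  <allow users="joe, steve"/>
  <deny users="*"/>
</authorization>"""


def parse_rules(xml_text):
    """Return [(action, [names])] in document order; the order is significant."""
    rules = []
    for el in ET.fromstring(xml_text):
        if el.tag in ("allow", "deny"):
            raw = el.get("users", "").split(",")
            rules.append((el.tag, [n.strip().lower() for n in raw if n.strip()]))
    return rules


def is_allowed(rules, user):
    """user is a login name, or None for an anonymous (unauthenticated) request."""
    for action, names in rules:
        for name in names:
            if (
                name == "*"                                    # matches everyone
                or (name == "?" and user is None)              # anonymous only
                or (user is not None and name == user.lower())
            ):
                return action == "allow"                       # first match wins
    return True  # assumed inherited default: <allow users="*"/>


def report(xml_text, users):
    """Map each user (None shown as 'anonymous') to the access decision."""
    rules = parse_rules(xml_text)
    return {("anonymous" if u is None else u): is_allowed(rules, u) for u in users}


if __name__ == "__main__":
    who = ["bob", "joe", "mallory", None]  # "mallory" is a constructed name
    print("rules from the notes:", report(PAGE_RULES, who))
    print("tightened rules:     ", report(TIGHTENED_RULES, who))
```

With the rules from the notes, a user who is named in neither list is still let in by the default rule; ending the section with a deny for "*" makes the allow list the only way in.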

The code below is an example of forms authentication.

<%@ Page Language="VB" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.OleDb" %>

<script language="VB" runat="server">
   ' Checks the submitted credentials against tblUsers and, on a match,
   ' issues the forms-authentication cookie.
   sub Login(Sender as Object, e as EventArgs)
      dim intID as integer = 0

      dim Conn as new OleDbConnection("Provider=" & _
         "Microsoft.Jet.OLEDB.4.0;" & _
         "Data Source=C:\ASPNET\data\mydb.mdb")

      ' The user's input is bound as parameters instead of being
      ' concatenated into the SQL text. OleDb parameters are positional:
      ' add them in the same order as the ? markers.
      dim objCmd as OleDbCommand = new OleDbCommand _
         ("SELECT UserID FROM tblUsers WHERE " & _
         "Username = ? AND Password = ?", Conn)
      objCmd.Parameters.Add("@Username", OleDbType.VarChar).Value = tbUsername.Text
      objCmd.Parameters.Add("@Password", OleDbType.VarChar).Value = tbPassword.Text
      dim objReader as OleDbDataReader = Nothing

      try
         objCmd.Connection.Open()
         objReader = objCmd.ExecuteReader()

         do while objReader.Read
            intID = objReader.GetInt32(0)
         loop
      catch ex as OleDbException
         lblMessage.Text = ex.Message
      finally
         ' objReader is still Nothing if Open() or ExecuteReader() failed
         if not objReader is Nothing then objReader.Close()
         objCmd.Connection.Close()
      end try

      if intID <> 0 then
         ' SetAuthCookie takes the user name as a String
         FormsAuthentication.SetAuthCookie(intID.ToString(), false)
         lblMessage.Text = "<font color=red>Success!</font><p>"
      else
         lblMessage.Text = "<font color=red>Sorry, invalid username or password!</font><p>"
      end if
   end sub
</script>

<html><body>
   <form runat="server">
      <asp:Label id="lblMessage" runat="server"/><p>
      Username:
      <asp:Textbox id="tbUsername" runat="server" /><br>
      Password:
      <asp:Textbox id="tbPassword" TextMode="password" runat="server" /><p>
      <asp:Button id="Submit" runat="server" onClick="Login" text="Submit" />
   </form>
</body></html>

FormsAuthentication.SetAuthCookie sets an authentication cookie that carries the contents of intID as the user's name; the second argument (false) means the
cookie doesn't persist if the browser is closed.

How do you know if a user has been authenticated? Use


If (User.Identity.IsAuthenticated) then ….

User.Identity.Name will give you the username of the authenticated user.

Passport is controlled by www.passport.com. It's a paid service that will authenticate your
users. Consumers can get a free passport. Businesses pay $1,500 to $10,000 yearly to
authenticate users. The advantage is that it provides centralized security and is handled by
those who are security experts, which may be lacking in your company.
