Build a Web Service that uses Authorization

Submitted on: 1/2/2015 1:32:00 PM
By: Chris Harrison (from psc cd)  
Level: Intermediate
User Rating: By 7 Users
Compatibility: C#, ASP.NET
Views: 2406
     In this article, we will develop a .NET Web Service in C# that requires authorization credentials.


Build a Web Service that uses Authorization

In this article, we will develop a .NET Web Service in C# that requires authorization.

The Web Service will expose the standard “Hello World” web method, and for the client to be able to receive the hello, it will need to send its credentials in the form of a username and password sent along with the SOAP call.

Lets build the Service first.

Using Visual Studio, I am going to create a new project called “HelloWorldAuthorized” that is a ASP.NET Web Service in C#.

Now lets use the Service1.asmx class to implement our Web Service method. Here is the code we will add:

The AuthHeader class is the class that will hold the authorization information, and should be public to allow the client that consumes this web service to access the class. This class is a child class of SoapHeader. The client will populate its fields and send it to the service with the public variable “Header.”

public class AuthHeader : SoapHeader
    public string UserName;
    public string UserPassword;

public AuthHeader Header;

The actual Web Service that does the work is the HelloWorld() method as described below.

We will need to import the System.Web.Services.Protocal namespace into our class:

using System.Web.Services.Protocols;

Now we will code our Web Method:

public string HelloWorld()

  if (Header.UserName.ToLower() == "harrison")
     return "Hello World!"; 
     return "you are not authorized"; 

We have out standard [WebMethod] attribute and the [SoapHeader] to specify that we expect the authorization information to be passed to this Web Method. In addition, we are going to check this authorization information that we receive. For this one, I am only checking the Username, not the password, and I am converting it all “ToLower()” to eliminate the case sensitivity. Of course, in the real world it would be best to add some additional security to this.

Now for the Client:

I am going to add a new Visual Studio Project to my solution called “HelloWorldClient” that is an ASP.NET Web Application, in C#.

First, I will need to add a Web Reference to my Service I created above. To do that in Visual Studio, right-click the “HelloWorldClient” project and choose “add a Web Reference.” In the URL box, enter the URL to our Web Service, “http://localhost/HelloWorldAuthorized/Service1.asmx.” You should then see the service description and then click “Add Reference” to add it to our project.  You should now see the reference show up as “localhost” under the Web References section of the Visual Studio Solution Explorer.

Now for the code.

For our implementation, I added a Label control onto the WebForm1.aspx page created in our HelloWorldClient project, called Label1. Then, in the Page_Load event, I added the call to the Web Service, as shown below:

private void Page_Load(object sender, System.EventArgs e)
    localhost.AuthHeader auth =
                 new localhost.AuthHeader();
    auth.UserName = "Harrison";
    auth.UserPassword = "password";
    localhost.Service1 ws =
                 new localhost.Service1();
    ws.AuthHeaderValue = auth;
    Label1.Text = ws.HelloWorld();

First, we create an instance of the AuthHeader class on the client, called “auth,” and populate the username and password. Then, we create an instance of the Web Service as the variable “ws.” We attach the header using the Service’s public property AuthHeaderValue, then make the call, and return the results to the Label.

If we browse to the Client file through the browser, we will see the results.

So what we have accomplished, is to create is a Web Service that requires a username for authentication. This happens in the real world with web services, some require a key string, like the Google API, and others require that you have an account.

Thanks for reading and to see the complete code, you can download the source project at



Report Bad Submission
Use this form to tell us if this entry should be deleted (i.e contains no code, is a virus, etc.).
This submission should be removed because:

Your Vote

What do you think of this article (in the Intermediate category)?
(The article with your highest vote will win this month's coding contest!)
Excellent  Good  Average  Below Average  Poor (See voting log ...)

Other User Comments

12/7/2016 1:12:37 PMDavid

Website doesn't appear to have the code link anywhere on it's pages. Link goes to home page only.
(If this comment was disrespectful, please report it.)


Add Your Feedback
Your feedback will be posted below and an email sent to the author. Please remember that the author was kind enough to share this with you, so any criticisms must be stated politely, or they will be deleted. (For feedback not related to this particular article, please click here instead.)

To post feedback, first please login.