How to deal with unauthenticated users

  • Question

  • User-775697465 posted

    I have a web service that needs a user name and password and returns an object called Person:

        <SoapHeader("Authentication", Required:=True)> _
        <WebMethod(Description:="Returns Person Info")> _
        Public Function PersonService(ByVal P_ID As Integer) As Person
            If (Authentication.Username = "user1" AndAlso Authentication.Password = "123") Then
                Return GetPersonData(P_ID)
            End If

        End Function

        Public Function GetPersonData(ByVal P_ID As Integer) As Person
            ' ...
        End Function

    But if the username or password is not passed or is wrong, then what do I have to return, or what do I have to do?

    Thanks

    Thursday, September 26, 2013 6:26 AM

Answers

  • User-742633084 posted

    Hi maliksh,

    For an ASP.NET web service or WCF service, in case you find that the incoming parameters or certain request message headers (like the authentication SOAP header in your case) don't meet the requirements, you can simply throw a custom exception (better to throw a SoapException or SoapHeaderException) and set the proper inner exception or message property. Here is the MSDN reference talking about how to handle and throw exceptions in a .NET XML web service:

    #Handling and Throwing Exceptions in XML Web Services 
    http://msdn.microsoft.com/en-us/library/ds492xtk(v=vs.80).aspx

    Then, on the client side, if it is a .NET web service client, the proper SOAP exception instance will be detected (in try ... catch). Non-.NET clients will also be able to catch the proper exception (based on the SOAP fault information returned in the response message).

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, September 27, 2013 1:41 AM

All replies

  • User-488622176 posted

    You can throw an exception. It will work.

    As you are dealing with a secured service, I like the principle of not exposing any information to the client side that is not required. You could hence "seal" your service by simply returning Nothing in case the authentication fails or the person was not found. 

    I do recommend however to log the details of the "Nothing" response at server side.

    Friday, September 27, 2013 8:23 AM
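
An added example, not part of any reply above, that combines the two suggestions: the service throws a SoapException with one generic message for every authentication failure and logs the specific reason only on the server. The names AuthHeader and PersonWebService, the namespace URI, a configured ASP.NET Membership provider and the stand-in GetPersonData are assumptions.

```vbnet
Imports System.Web.Security
Imports System.Web.Services
Imports System.Web.Services.Protocols

' Credential header; the class name AuthHeader is an assumption.
Public Class AuthHeader
    Inherits SoapHeader
    Public Username As String
    Public Password As String
End Class

Public Class Person
    Public Id As Integer
End Class

<WebService(Namespace:="http://example.test/")> _
Public Class PersonWebService
    Inherits WebService

    ' Filled in by ASP.NET; stays Nothing when the request carries no header.
    Public Authentication As AuthHeader

    <SoapHeader("Authentication")> _
    <WebMethod(Description:="Returns Person Info")> _
    Public Function PersonService(ByVal P_ID As Integer) As Person
        RequireAuthenticatedCaller()
        Return GetPersonData(P_ID)
    End Function

    ' One generic fault for every failure; the specific reason is only logged.
    Private Sub RequireAuthenticatedCaller()
        Dim reason As String = Nothing
        If Authentication Is Nothing Then
            reason = "header missing"
        ElseIf String.IsNullOrEmpty(Authentication.Username) Then
            reason = "empty user name"
        ElseIf Not Membership.ValidateUser(Authentication.Username, Authentication.Password) Then
            ' Strip CR/LF so a crafted user name cannot forge log lines.
            reason = "bad credentials for " & Authentication.Username.Replace(vbCr, "").Replace(vbLf, "")
        End If
        If reason Is Nothing Then Return
        System.Diagnostics.Trace.TraceWarning("PersonService auth failure from {0}: {1}", Context.Request.UserHostAddress, reason)
        Throw New SoapException("Authentication failed.", SoapException.ClientFaultCode)
    End Sub

    ' Stand-in for the poster's GetPersonData; a real lookup goes here.
    Private Function GetPersonData(ByVal id As Integer) As Person
        Dim p As New Person() : p.Id = id : Return p
    End Function
End Class
```

A .NET client sees the failure as a SoapException in its try/catch, while the distinction between a missing header, an empty user name and wrong credentials stays in the server trace output.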