How to send username through the SOAP header ?

Jun 13, 2008 at 7:26 AM
Hi,
I am creating a WCF service in which i have some sensitive operations like registeration, deletion,Updation etc.
so i wanna check the authorization of the user wheather he is authorized to the operation or not !

i heard that we can send the username through the SOAP headers.
I am new to this , so can i get proper advice how to do this ?

Coordinator
Jun 16, 2008 at 6:00 PM
You could send a user\password combination as a SOAP header - Take the sample code and change the header name and value to suit your needs. On the server, you will have to validate that the user\password combination is correct and that the user is authorized and only then perform the operation.
Still - I wouldn't recommend sending that info in headers since it will be there every request which will make it more vulnerable. I suggest sending it once, getting some kind of (time based) token and using that token in further requests.
Jun 28, 2008 at 5:44 PM
Thanks for your reply.
I am really new to this part.
well, i need quite some time to learn this.. soap header and all..
thanks for your suggestion.

eyalp wrote:
You could send a user\password combination as a SOAP header - Take the sample code and change the header name and value to suit your needs. On the server, you will have to validate that the user\password combination is correct and that the user is authorized and only then perform the operation.
Still - I wouldn't recommend sending that info in headers since it will be there every request which will make it more vulnerable. I suggest sending it once, getting some kind of (time based) token and using that token in further requests.


May 9, 2009 at 1:35 AM

I know this post is more than a year old, but I have a similar situation/problem. I am trying to consume a Java Web Service which requires the username/password token to be sent as a part of the SOAP header. I have tried various methods but to no avail. Most of the times I am getting the message "WSDoAll: Request does not contain the required security header".

I have tried various settings

BasicHttpBinding with Security mode = "Transportcredentialsonly"

or

basicHttpBinding with Security mode = "Message"

the Web service I am consuming is not SSL based.

If any of you could provide me with a sample, I'd highly appreciate it.