views: 256

answers: 2

I've created a web service and am using a Soap header for authentication, as described here: http://aspalliance.com/805

I've adapted it, so that in every method, it calls a separate "authenticate" method, which searches username and password in the db, and returns true or false. My question is, within this method, if it returns false (i.e., the user isn't validated) how should I throw an exception, that filters back to the consumer application?

A: 

First of all, you'd do better to add a Login operation that takes your username/password header as input, authenticates the user, then returns an authorization token of some kind in a return SOAP Header. This header should then be supplied as an input header in all subsequent operations.

Second, you should throw a SOAPException. This will translate more or less directly into a SOAP Fault. A SOAP Fault is the appropriate way to indicate an error with a web service operation for the same reason that Exceptions are better than return status in a normal method - you don't have to check the return status at the point of the call.

Finally, were you aware that Microsoft has declared ASMX web services to be "legacy" code, and that they are no longer fixing bugs in it? It's time to move to WCF.

John Saunders
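The second point above (report a failed header check as a SOAP Fault rather than a return value), as an added example that is not code from the question or either answer. It is a minimal ASMX service in which the header class, the service name, the namespace and the hard-coded credential check are all constructed placeholders; the fault carries a generic message and the client fault code so nothing internal leaks to the caller.

```csharp
using System;
using System.Web.Services;
using System.Web.Services.Protocols;
using System.Xml;

// Constructed header type: carries the caller's credentials.
public class AuthHeader : SoapHeader
{
    public string Username;
    public string Password;
}

[WebService(Namespace = "http://example.invalid/demo/")]   // placeholder namespace
public class DemoService : WebService
{
    // ASP.NET fills this public field from the incoming SOAP header.
    public AuthHeader Credentials;

    [WebMethod]
    [SoapHeader("Credentials", Direction = SoapHeaderDirection.In)]
    public string GetSecret()
    {
        // Authenticate() throws instead of returning bool, so there is
        // no status to forget to check at the call site.
        Authenticate();
        return "secret data";
    }

    private void Authenticate()
    {
        // A missing header is a client error: say so with a header fault.
        if (Credentials == null)
            throw new SoapHeaderException("Authentication header missing",
                                          SoapException.ClientFaultCode);

        // Stand-in for the database lookup. Real code compares against a
        // stored password hash, never a plain-text value like this.
        bool valid = Credentials.Username == "alice"
                  && Credentials.Password == "s3cret";   // constructed values

        // One generic message for bad user and bad password alike, so the
        // fault does not reveal which accounts exist. ClientFaultCode marks
        // the request, not the server, as the cause.
        if (!valid)
            throw new SoapException("Invalid username or password",
                                    SoapException.ClientFaultCode);
    }
}
```

The caller receives a SOAP Fault with faultcode soap:Client and the generic message; the .NET proxy surfaces it as a SoapException, which is what the question asked to "filter back" to the consumer.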
A: 

I have used soap exceptions for login fails:

    [WebMethod]
    [SoapHeader("authentication")]
    public User Authenticate()
    {
        try
        {
            // Require the Users role, then let the security service check the header.
            authentication.Roles = new string[] { UserRoles.Users };
            ConfigureAuthentication();
            Service<ISecurity>.Interface.Authenticate();
            Guid userId = Service<ISecurity>.Interface.GetUserId(authentication.UserName);
            return Service<IObjectRetriever>.Interface.Retrieve<User>(userId);
        }
        catch (Exception ex)
        {
            // Log locally, then surface the failure to the caller as a SOAP Fault.
            WriteException(ex);
            throw new SoapException(ex.Message, new XmlQualifiedName(SoapException.ServerFaultCode.Name), ex);
        }
    }
callisto
-1 for catching `Exception`. That's too general an exception to be catching, you have no idea what happened, and then turn around and pass the unknown message back to the client! You'd just as well do "WriteException(ex); throw;", which would at least preserve the stack trace!
John Saunders