Adding SOAP Headers for SQL 2005 HTTP Endpoint web service in Visual Studio 2008

Question

I'm trying to use SOAP headers to allow for SQL Authentication while accessing a webservice published on my SQL 2005 box via HTTP Endpoint. On the endpoint, I've set Authentication = (Basic), Ports = (SSL), and LOGIN_TYPE = MIXED. I'm able to generate the WSDL and consume it just fine in VS utilizing domain credentials. However, when I try to implement SOAP headers to allow for SQL Authentication, i'm running into problems. I've followed MS BOL to the letter (http://msdn.microsoft.com/en-us/library/ms189619(SQL.90).aspx), but for some reason, i'm not sending the SOAP header. I've verified this by using fiddler (http://www.fiddler2.com/fiddler2/) to trap my https messages and look at them. Any help would be greatly appreciated. Included is the code I've been using (the names have been changed to protect the innocent)

namespace ConsoleApplication.WebService
{
class Program
{
    static void Main(string[] args)
    {
        //Prevents error due to self signed cert
        ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

        Stuff stuff = new Stuff();

        stuff.DoSomthing();
    }
}

public class Stuff
{
    [System.Web.Services.Protocols.SoapHeaderAttribute("sqlSecurity")]
    public int DoSomthing()
    {
        Webservice ws = new Webservice();

        CredentialCache myCreds = new CredentialCache();
        myCreds.Add(new Uri(ws.Url), "Basic", new NetworkCredential("netaccount", "netpass", "domain"));
        ws.Credentials = myCreds;

        ws.sqlSecurity = new SqlSoapHeader.Security();
        ws.sqlSecurity.Username = "sqluser";
        ws.sqlSecurity.Password = "sqlpass";

        try
        {
            ws.SelectUserAccountByUserName("someuser");
        }
        catch (SoapException ex)
        {

            string txterror = ex.Detail.InnerText;
            return 0;
        }

        return 1;
    }
}

public partial class Webservice
{
    public SqlSoapHeader.Security sqlSecurity;
}
}

This code utilizes the SqlSoapHeader class as documented in the BOL reference from above.

I error at calling ws.SelectUserAccountByUserName() with an "Execute permission denied" due to the fact that the "netaccount" user doesn't have rights to execute the stored proc. But again, this is because according to the soap message, no header with the sqluser info is being passed.

Answer 1

The SoapHeaderAttribute needs to be added to the web method. It won't do you any good to add it to some arbitrary calling method.