SOAP Header: Communication secured between Flex and C#

Question

Hello,

I am working with Flex, Webservices and C# and I would like to secure the access on my web services through SOAP.

I spent 2 days on this problem:

My asmx file where i describe my webmethod:

    public ServiceAuthHeader CustomSoapHeader  = new ServiceAuthHeader();

    [SoapHeader("CustomSoapHeader")]
    [WebMethod(Description = "Return Somme")]
    public int getTotal(int x, int y)
    {
        ServiceAuthHeaderValidation.Validate(CustomSoapHeader);
        var total = x+y;
        return total;
    }


  public class ServiceAuthHeader : SoapHeader
    {
        // SoapHeader for authentication
        public string Username;
        public string Password;
    }

Then I wrote a class to check if the content of SOAP Header is good.

public class ServiceAuthHeaderValidation
{

[SoapHeader("soapHeader")]
[WebMethod(Description = "Check Header")]
public ServiceAuthHeader Validate(ServiceAuthHeader soapHeader)
{
    if (soapHeader == null)
    {
        throw new NullReferenceException("No soap header was specified.");                    
    }
    if (soapHeader.Username ==null)
    {
        Console.WriteLine(soapHeader.Username);
        throw new NullReferenceException("Username was not supplied for authentication in SoapHeader!");
    }
    if (soapHeader.Password == null)
    {
        throw new NullReferenceException("Password was not supplied for authentication in SoapHeader.");
    }

    if (soapHeader.Username != "JOE") || soapHeader.Password != "JOE")
    {
        throw new Exception("Please pass the proper username and password for this service.");


   }
    return true;
}

}

So far I think I'm right.

But while i want to implement it in Flex:

var q1:QName=new QName("http://localhost:59399/Service1.asmx?wsdl", "Header1");
        header1=new SOAPHeader(q1, {String:"JOE",String JOE});
        _serviceControl.addHeader(header1); 

I get a NullReferenceException on my username, which seems to be not supply.

My Webservice works, except when I try to implement:

ServiceAuthHeaderValidation.Validate(CustomSoapHeader);

Could someone reply me in order to know what is missing ? or my mistake..

THank you for your time.

So far StackoverFlow helped me a lot by reading different answers but today I stay stuck on it. If someone can help.

Answer 1

I just use a custom XML:

    public function addUserCredentials(username:String, passwordHash:String):ISoapInvocation
    {
        var headerDetails:XML =
            <Security xmlns={wsse}>
                <UsernameToken>
                    <Username>{username}</Username>
                    <Password>{passwordHash}</Password>
                </UsernameToken>
            </Security>;

        securityHeader = new SOAPHeader(securityQName, headerDetails);

        return this;
    }

Keep in mind that using {} inside an E4X definition looks like a binding that updates, it's not.

Answer 2

Thanks a lot, Sophistifunk

I finally added in my generated AS sub class.

var header1:SOAPHeader;
        var q1:QName = new QName("http://localhost:80/", "Header");     
        header1 = new SOAPHeader(q1, {});
        var a:XML = <AuthHeader xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://localhost:80/"&gt;
                    <UserLogin>Joe</UserLogin> 
                    <mdp>test</mdp> 
                    </AuthHeader>
        header1.content =  a;
        _serviceControl.addHeader(header1);

But when we implement a new WebService in Flex 4 through its IDE, everything is generated in AS.

But The way to manage the header sucks really.

That should take in charge automatically the security Header.. I mean create a function setLogin or setpassword bindable from or mxml application.

Anyway.

If someone know a way to take in charge the Header of SOAP through a better way.