Authenticate Web Service with Custom SOAP Header in .NET


Many of us want to secure the calls to our web services, right?

There are so many ways to do this, one of them is to use custom SOAP header.

Using this method we simply add a required SOAP header to our web services calls.

We embed the SOAP header into our message and validate its contents on the server.

If the SOAP header validation done successfully, the web server sends the web service response to the consumer.

Using the Code

Now let’s see how to do this in visual studio:

/// <summary>
/// Summary description for SOAPHeaderService
/// </summary>
[WebService(Namespace = "")]
[WebServiceBinding(Name = "TestService",ConformsTo = WsiProfiles.BasicProfile1_1)]
public class SOAPHeaderService : System.Web.Services.WebService
    public SOAPHeaderService()
        //Uncomment the following line if using designed components 


Notice that the “WebServiceBinding” attribute has the “Name” argument set to “TestService”, I’ll explain this later.

Now, I write the custom SOAP header that I want to include in the SOAP message.
To do this I’ll create a class inherited from “System.Web.Services.Protocols.SoapHeader” , and I’ll but the required properties in it.

public class UserCredentials : System.Web.Services.Protocols.SoapHeader
    public string userName;
    public string password;

Let’s add instance from that header in our service:

public class SOAPHeaderService : System.Web.Services.WebService
    // Visual studio will append a "UserCredentialsValue" property to the proxy class
    public UserCredentials consumer;


Note that the Visual Studio will create a property in web service proxy called “UserCredentialsValue” which will map the “consumer” public property in the web service.

Now we had to write a “Web Method” that uses that header in messaging.

    [SoapDocumentMethod(Binding = "TestService")]
    public string GetBalance()
        if (checkConsumer())
            return consumer.userName + " had 10000000 credit";
            return "Error in authentication";

    private bool checkConsumer()
        // In this method you can check the username and password 
        // with your database or something
        // You could also encrypt the password for more security
        if (consumer != null)
            if (consumer.userName == "shekhar" && consumer.password == "123456")
                return true;
                return false;
            return false;

Note that I have added the “Binding” value to that I had used in declaring my service.

Also I declared the SOAP header that method will require when called, as long as declaring it with required.

Now, the only thing is remaining is to call the service with the SOAP header:

SOAPHeaderService.SOAPHeaderService service = new SOAPHeaderService.SOAPHeaderService();
SOAPHeaderService.UserCredentials user = new SOAPHeaderService.UserCredentials();

  user.userName = "Shekhar";
  user.password = "123456";

 service.UserCredentialsValue = user;



We just get reference to the service and the SOAP header, assign the SOAP header properties, attach it with the SOAP message and then make our call to the web method.

This is the console result after calling the service with username = “Shekhar” and password = “123456



Download Sample


2 thoughts on “Authenticate Web Service with Custom SOAP Header in .NET

  1. I think that what you posted made a bunch of sense.
    However, think about this, what if you wrote a catchier post
    title? I mean, I don’t wish to tell you how to rrun your blog,
    but what iif you addxed a title to maybe get people’s attention? I mean Authenticate Web
    Service with Cuatom SOAP Header iin .NET | Shekhar Shete
    MCTS is a little boring. Youu might look at Yahoo’s front page and see how
    they create news headlines to get viewers to
    open the links. You might add a video or a related pic or two
    to grab people excited about everything’ve got to say.
    Just my opinion, iit might make your posts a little bit moore interesting.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s