Hello All,

We are giving a C# webservice which contains 10 webmethods which will return different data to clients...

I want to restrict the access of web methods to different clients with different sets of methods....


For example I have written webmethods named A,B,C,D,E,F,G,H,I,J


Client A - B,D,F,G
Client B - A,B,C,D,E,F,G,I
Client C - A,B,C,D,E,F,G,H,I,J

In the current scenario, we are having more than 200 clients and more than 500 web methods....

How can I do this?

Can I use database driven mechanism to achieve this? If possible how?

I have already used SOAPHEADER to authenticate all users.... I have a SQL table like client master which will give the IP address for the requesting client to authenticate the request....


Thanks in advance...
Updated 19-Apr-10 19:51pm

You've just about answered your own question here...

You already have user authentication happening, so simply update your database so that you have a table similar to this:

UserID, WebMethodID

Populate this table with relevant details for each client and their approved webmethods, one entry per client/webmethod pair.

Update your webmethods so that they only work if the client/webmethod pair is authorised... something like this:

VB
If IsAuthorised(ClientID, WebmethodID) Then
    ' do the webmethod stuff here
End If

Private Function IsAuthorised(ByVal ClientID As Integer, ByVal WebmethodID As Integer) As Boolean
    ' Make a call to the database to check for the ClientID/WebmethodID pair.
    ' FOUND_IN_DATABASE stands for the result of that lookup.
    If FOUND_IN_DATABASE Then
        Return True
    Else
        Return False
    End If
End Function
 
You can always put in some logic to find the client and, based on the client, send back the response. It might be an IP range for client A, another for B ... if A is requesting then allow B,D,F,G to respond back. This logic can be written in the service layer or DB layer, wherever you like.

But I would suggest making 3 services... 1 each for client A, B & C. Why club them all together? It would be easy for you to maintain, and you can also have different types of security level if needed!
 
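You could add an entry method that will be called each time any of the webmethods are called:

void a()
{
    if (entry())
    {
        // access allowed: do the work of webmethod a here
    }
    else
    {
        return;
    }
}

void b()
{
    if (entry())
    {
        // access allowed: do the work of webmethod b here
    }
    else
    {
        return;
    }
}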

etc

This method can look up the user access rights and determine if the user is allowed access to the webmethod or not.
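
Added example (not part of the original thread, and not any poster's code): the client/webmethod pair table from the first answer combined with the single entry check from the last one, using the question's client A/B/C permissions and denying anything without an explicit entry. `MethodAuthorizer`, `Grant` and `Invoke` are hypothetical names, the in-memory set stands in for the SQL table, and the client name is assumed to be the identity already authenticated through the SOAP header.

```csharp
using System;
using System.Collections.Generic;

// Stand-in for the (UserID, WebMethodID) table: one entry per approved pair.
// In the service this set would be loaded from SQL; here it is constructed inline.
sealed class MethodAuthorizer
{
    private readonly HashSet<(string Client, string Method)> _grants =
        new HashSet<(string Client, string Method)>();

    public void Grant(string client, string methods)
    {
        foreach (var m in methods.Split(','))
            _grants.Add((client, m.Trim()));
    }

    // Deny by default: a pair without an explicit entry is refused.
    public bool IsAuthorised(string client, string method) =>
        client != null && method != null && _grants.Contains((client, method));

    // Single entry point that every web method passes through before doing work,
    // so no individual method can forget the check.
    public T Invoke<T>(string client, string method, Func<T> body)
    {
        if (!IsAuthorised(client, method))
            throw new UnauthorizedAccessException(
                $"client '{client}' is not approved for web method '{method}'");
        return body();
    }
}

static class Demo
{
    static void Main()
    {
        var auth = new MethodAuthorizer();
        auth.Grant("ClientA", "B,D,F,G");
        auth.Grant("ClientB", "A,B,C,D,E,F,G,I");
        auth.Grant("ClientC", "A,B,C,D,E,F,G,H,I,J");

        // Constructed requests: the client value is assumed to come from the
        // authenticated SOAP header, never from a caller-supplied parameter.
        foreach (var (client, method) in new[] { ("ClientA", "B"), ("ClientA", "H"), ("Unknown", "A") })
        {
            try { Console.WriteLine(auth.Invoke(client, method, () => $"{client} -> {method}: ok")); }
            catch (UnauthorizedAccessException ex) { Console.WriteLine("denied: " + ex.Message); }
        }
    }
}
```

With 200 clients and 500 web methods, loading the pairs once and caching them keeps the check off the database on every call; the cache then has to be refreshed when a grant is revoked.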
 
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)