Building XML Web Services Using C# and ASP.NET
Real world application
Well, we've learnt all of the fundamentals for building web services. It's time to put what we've learnt into practice by designing a real world example. The example application we're about to create will not contain properties, because Microsoft recommends a web service be stateless whenever possible.
We are going to make a stripped-down version of Passport. Our version will contain seven methods:
- bool Authenticate (string username, string password): This method will authenticate a user and return true if authenticated and false if not.
- bool AddUser (string username, string password, string name, string email): This method will add a user to the database. If successful, the method will return true, if not the method will return false.
- bool DeleteUser (string username): Will delete a user from the database. If successful the method will return true, if not the method will return false.
- bool EditUser (string username, string name, string email): This method will edit the user information. If successful the method will return true, if not the method will return false.
- bool ChangePassword (string username, string password): This method will change a user’s password. If successful the method will return true, if not the method will return false.
- string ReturnName (string username): This method returns a user's name.
- string ReturnEmail (string username): This method returns a user's email.
CREATE DATABASE minipassport
GO
-- Switch to the new database so the table is created inside it
USE minipassport
GO
CREATE TABLE Users (
    UserName varchar (10) PRIMARY KEY NOT NULL ,
    Name varchar (50) NOT NULL ,
    EMail varchar (100) NOT NULL ,
    Password varchar (10) NOT NULL
) ON [PRIMARY]
GO
The code for our web service looks like this:
<%@ WebService Class="miniPassport" Language="C#" Debug="true" %>
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web.Services;

[WebService(Name = "Mini Passport", Description = "Web Service to Authenticate and Manage Users", Namespace = "devArticles")]
public class miniPassport
{
    // Connection string for the minipassport database created above
    const string connStr = "server=127.0.0.1;uid=sa;pwd=;database=minipassport";

    [WebMethod(Description = "Method to Authenticate Users")]
    public bool Authenticate(string username, string password)
    {
        SqlConnection dbConn = new SqlConnection(connStr);
        // The username is bound as a parameter, never concatenated into the SQL text
        string sqlStr = "SELECT password FROM users WHERE username = @username;";
        dbConn.Open();
        SqlCommand dbCommand = new SqlCommand(sqlStr, dbConn);
        dbCommand.Parameters.Add("@username", SqlDbType.VarChar).Value = username;
        SqlDataReader dbReader = dbCommand.ExecuteReader();
        bool returnBool;
        if (dbReader.Read())
        {
            // A row exists for this user: compare the stored password with the one supplied
            if (dbReader[0].ToString() == password)
            {
                returnBool = true;
            }
            else
            {
                returnBool = false;
            }
        }
        else
        {
            // Unknown username
            returnBool = false;
        }
        dbReader.Close();
        dbConn.Close();
        return returnBool;
    }

    [WebMethod(Description = "Method to Add User")]
    public bool AddUser(string username, string password, string name, string email)
    {
        bool returnBool = false;
        SqlConnection dbConn = new SqlConnection(connStr);
        string sqlStr = "INSERT INTO users(username,password,name,email) VALUES(@username, @password, @name, @email);";
        SqlCommand dbCommand = new SqlCommand(sqlStr, dbConn);
        dbCommand.Parameters.Add("@username", SqlDbType.VarChar).Value = username;
        dbCommand.Parameters.Add("@password", SqlDbType.VarChar).Value = password;
        dbCommand.Parameters.Add("@name", SqlDbType.VarChar).Value = name;
        dbCommand.Parameters.Add("@email", SqlDbType.VarChar).Value = email;
        try
        {
            dbConn.Open();
            // Report success only if a row was actually inserted
            if (dbCommand.ExecuteNonQuery() != 0)
            {
                returnBool = true;
            }
        }
        catch
        {
            returnBool = false;
        }
        dbConn.Close();
        return returnBool;
    }

    [WebMethod(Description = "Method to Delete User")]
    public bool DeleteUser(string username)
    {
        bool returnBool = false;
        SqlConnection dbConn = new SqlConnection(connStr);
        string sqlStr = "DELETE FROM users WHERE username = @username;";
        SqlCommand dbCommand = new SqlCommand(sqlStr, dbConn);
        dbCommand.Parameters.Add("@username", SqlDbType.VarChar).Value = username;
        try
        {
            dbConn.Open();
            if (dbCommand.ExecuteNonQuery() != 0)
            {
                returnBool = true;
            }
        }
        catch
        {
            returnBool = false;
        }
        dbConn.Close();
        return returnBool;
    }

    [WebMethod(Description = "Method to Edit User Information")]
    public bool EditUser(string username, string name, string email)
    {
        bool returnBool = false;
        SqlConnection dbConn = new SqlConnection(connStr);
        // The WHERE clause limits the update to the named user instead of every row
        string sqlStr = "UPDATE users SET name = @name, email = @email WHERE username = @username;";
        SqlCommand dbCommand = new SqlCommand(sqlStr, dbConn);
        dbCommand.Parameters.Add("@name", SqlDbType.VarChar).Value = name;
        dbCommand.Parameters.Add("@email", SqlDbType.VarChar).Value = email;
        dbCommand.Parameters.Add("@username", SqlDbType.VarChar).Value = username;
        try
        {
            dbConn.Open();
            if (dbCommand.ExecuteNonQuery() != 0)
            {
                returnBool = true;
            }
        }
        catch
        {
            returnBool = false;
        }
        dbConn.Close();
        return returnBool;
    }

    [WebMethod(Description = "Method to Change User Password")]
    public bool ChangePassword(string username, string password)
    {
        bool returnBool = false;
        SqlConnection dbConn = new SqlConnection(connStr);
        // The WHERE clause limits the change to the named user instead of every row
        string sqlStr = "UPDATE users SET password = @password WHERE username = @username;";
        SqlCommand dbCommand = new SqlCommand(sqlStr, dbConn);
        dbCommand.Parameters.Add("@password", SqlDbType.VarChar).Value = password;
        dbCommand.Parameters.Add("@username", SqlDbType.VarChar).Value = username;
        try
        {
            dbConn.Open();
            if (dbCommand.ExecuteNonQuery() != 0)
            {
                returnBool = true;
            }
        }
        catch
        {
            returnBool = false;
        }
        dbConn.Close();
        return returnBool;
    }

    [WebMethod(Description = "Method to Obtain User Name")]
    public string ReturnName(string username)
    {
        SqlConnection dbConn = new SqlConnection(connStr);
        string sqlStr = "SELECT name FROM users WHERE username = @username;";
        dbConn.Open();
        SqlCommand dbCommand = new SqlCommand(sqlStr, dbConn);
        dbCommand.Parameters.Add("@username", SqlDbType.VarChar).Value = username;
        SqlDataReader dbReader = dbCommand.ExecuteReader();
        // Return an empty string when the user does not exist
        string _name = dbReader.Read() ? dbReader[0].ToString() : String.Empty;
        dbReader.Close();
        dbConn.Close();
        return _name;
    }

    [WebMethod(Description = "Method to obtain User Email Address")]
    public string ReturnEmail(string username)
    {
        SqlConnection dbConn = new SqlConnection(connStr);
        string sqlStr = "SELECT email FROM users WHERE username = @username;";
        dbConn.Open();
        SqlCommand dbCommand = new SqlCommand(sqlStr, dbConn);
        dbCommand.Parameters.Add("@username", SqlDbType.VarChar).Value = username;
        SqlDataReader dbReader = dbCommand.ExecuteReader();
        // Return an empty string when the user does not exist
        string _email = dbReader.Read() ? dbReader[0].ToString() : String.Empty;
        dbReader.Close();
        dbConn.Close();
        return _email;
    }
}
As you can see, there's nothing difficult about our code. It's composed from what we've covered throughout this article. If you add your own functionality and make it available on the web (or even register it on UDDI), then it's a complete authentication web service. This will allow other sites to incorporate our demo login system and centralize user information.
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET FilesNET
Just wanted to mention this in case someone looks for an answer for this.
Hi....
You have to write the query to check the password. It will be better if you use StoredProcedure ..
Sample of the stored procedure
CREATE PROCEDURE _checkpass
(
    @password varchar(10),
    @status int OUTPUT
)
AS
    select password from Users where password = @password
    if @@rowcount < 1
        select @status = 0
    else
        select @status = 1
GO
Once you write the above stored procedure with SQL Server,
use the following code... in your application
myCommand = new SqlCommand("_checkpass", myConnection);
myCommand.CommandType = CommandType.StoredProcedure;
myCommand.Parameters.Add(new SqlParameter("@password", SqlDbType.VarChar, 50));
myCommand.Parameters["@password"].Value = txtpass.Value;
// Output parameter that receives @status from the stored procedure
SqlParameter status = myCommand.Parameters.Add("@status", SqlDbType.Int);
status.Direction = ParameterDirection.Output;
myCommand.Connection.Open();
try
{
    myCommand.ExecuteNonQuery();
    if ((int)status.Value == 0)
    {
        // Go Ahead........
    }
    else
    {
        // Stopped Functioning
    }
}
finally
{
    myCommand.Connection.Close();
}
Silly question, but as I am new to SQL and C#, how would I be able to check an existing password that was previously added to your database table, and check the result to authenticate the user?