Building XML Web Services Using C# and ASP.NET

Real world application

Well, we've learnt all of the fundamentals for building web services. It's time to put what we've learnt into practice by designing a real world example. The example application we're about to create will not contain properties, because Microsoft recommends a web service be stateless whenever possible.

We are going to make a stripped-down version of Passport. Our version will contain seven methods:

  • bool Authenticate (string username, string password): This method will authenticate a user and return true if authenticated and false if not.
  • bool AddUser (string username, string password, string name, string email): This method will add a user to the database. If successful, the method will return true; if not, it will return false.
  • bool DeleteUser (string username): This method will delete a user from the database. If successful, the method will return true; if not, it will return false.
  • bool EditUser (string username, string name, string email): This method will edit the user information. If successful, the method will return true; if not, it will return false.
  • bool ChangePassword (string username, string password): This method will change a user’s password. If successful, the method will return true; if not, it will return false.
  • string ReturnName (string username): This method returns a user's name.
  • string ReturnEmail (string username): This method returns a user's email.

Our example makes use of a SQL Server database. Run the following T-SQL in Query Analyzer to create it (this example assumes that SQL Server is installed on the same machine as the web service):

CREATE DATABASE minipassport
GO

-- Switch to the new database so the table is not created in the current one.
USE minipassport
GO

CREATE TABLE Users (
    UserName varchar (10) NOT NULL PRIMARY KEY,
    Name varchar (50) NOT NULL,
    EMail varchar (100) NOT NULL,
    Password varchar (10) NOT NULL
) ON [PRIMARY]
GO


The code for our web service looks like this:

<%@ WebService class = "miniPassport" Language="C#" Debug = "true"%>

using System;
using System.Data;
using System.Data.SqlClient;
using System.Web.Services;

[WebService(Name ="Mini Passport", Description="Web Service to Authenticate and Manage Users", Namespace = "devArticles")]
public class miniPassport
{
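    // Connection for the local test server used in this article. A deployed service
    // should connect with a dedicated low-privilege login, not a passwordless sa.
    const string connStr = "server=127.0.0.1;uid=sa;pwd=;database=minipassport";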

    [WebMethod(Description = "Method to Authenticate Users")]
    public bool Authenticate(string username, string password)
    {
        if (username == null || password == null) return false;
        // The username is bound as a parameter, never concatenated into the SQL text.
        string sqlStr = "SELECT password FROM users WHERE username = @username;";
        using (SqlConnection dbConn = new SqlConnection(connStr))
        using (SqlCommand dbCommand = new SqlCommand(sqlStr, dbConn))
        {
            dbCommand.Parameters.Add("@username", SqlDbType.VarChar).Value = username;
            dbConn.Open();
            using (SqlDataReader dbReader = dbCommand.ExecuteReader())
            {
                // True only when the user exists and the stored password matches.
                return dbReader.Read() && dbReader[0].ToString() == password;
            }
        }
    }

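    [WebMethod(Description = "Method to Add User")]
    public bool AddUser(string username, string password, string name, string email)
    {
        // All four values are bound as parameters, never concatenated into the SQL text.
        string sqlStr = "INSERT INTO users(username,password,name,email) VALUES(@username, @password, @name, @email);";
        try
        {
            using (SqlConnection dbConn = new SqlConnection(connStr))
            using (SqlCommand dbCommand = new SqlCommand(sqlStr, dbConn))
            {
                dbCommand.Parameters.Add("@username", SqlDbType.VarChar).Value = username;
                dbCommand.Parameters.Add("@password", SqlDbType.VarChar).Value = password;
                dbCommand.Parameters.Add("@name", SqlDbType.VarChar).Value = name;
                dbCommand.Parameters.Add("@email", SqlDbType.VarChar).Value = email;
                dbConn.Open();
                // True only when a row was actually inserted.
                return dbCommand.ExecuteNonQuery() != 0;
            }
        }
        catch
        {
            // Duplicate username, missing argument or database error.
            return false;
        }
    }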

    [WebMethod(Description = "Method to Delete User")]
    public bool DeleteUser(string username)
    {
        // The username is bound as a parameter, never concatenated into the SQL text.
        string sqlStr = "DELETE FROM users WHERE username = @username;";
        try
        {
            using (SqlConnection dbConn = new SqlConnection(connStr))
            using (SqlCommand dbCommand = new SqlCommand(sqlStr, dbConn))
            {
                dbCommand.Parameters.Add("@username", SqlDbType.VarChar).Value = username;
                dbConn.Open();
                // True only when a row was actually deleted.
                return dbCommand.ExecuteNonQuery() != 0;
            }
        }
        catch
        {
            return false;
        }
    }

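    [WebMethod(Description = "Method to Edit User Information")]
    public bool EditUser(string username, string name, string email)
    {
        // The WHERE clause limits the update to the named user; without it
        // the statement would apply to every row in the table.
        string sqlStr = "UPDATE users SET name = @name, email = @email WHERE username = @username;";
        try
        {
            using (SqlConnection dbConn = new SqlConnection(connStr))
            using (SqlCommand dbCommand = new SqlCommand(sqlStr, dbConn))
            {
                dbCommand.Parameters.Add("@name", SqlDbType.VarChar).Value = name;
                dbCommand.Parameters.Add("@email", SqlDbType.VarChar).Value = email;
                dbCommand.Parameters.Add("@username", SqlDbType.VarChar).Value = username;
                dbConn.Open();
                // True only when the user's row was updated.
                return dbCommand.ExecuteNonQuery() != 0;
            }
        }
        catch
        {
            return false;
        }
    }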

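    [WebMethod(Description = "Method to Change User Password")]
    public bool ChangePassword(string username, string password)
    {
        // The WHERE clause limits the change to the named user; without it
        // every user's password would be overwritten.
        string sqlStr = "UPDATE users SET password = @password WHERE username = @username;";
        try
        {
            using (SqlConnection dbConn = new SqlConnection(connStr))
            using (SqlCommand dbCommand = new SqlCommand(sqlStr, dbConn))
            {
                dbCommand.Parameters.Add("@password", SqlDbType.VarChar).Value = password;
                dbCommand.Parameters.Add("@username", SqlDbType.VarChar).Value = username;
                dbConn.Open();
                // True only when the user's row was updated.
                return dbCommand.ExecuteNonQuery() != 0;
            }
        }
        catch
        {
            return false;
        }
    }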

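    [WebMethod(Description = "Method to Obtain User Name")]
    public string ReturnName(string username)
    {
        if (username == null) return "";
        // The username is bound as a parameter, never concatenated into the SQL text.
        string sqlStr = "SELECT name FROM users WHERE username = @username;";
        using (SqlConnection dbConn = new SqlConnection(connStr))
        using (SqlCommand dbCommand = new SqlCommand(sqlStr, dbConn))
        {
            dbCommand.Parameters.Add("@username", SqlDbType.VarChar).Value = username;
            dbConn.Open();
            using (SqlDataReader dbReader = dbCommand.ExecuteReader())
            {
                // An unknown username yields an empty string instead of an exception.
                return dbReader.Read() ? dbReader[0].ToString() : "";
            }
        }
    }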

    [WebMethod(Description = "Method to obtain User Email Address")]
    public string ReturnEmail(string username)
    {
        if (username == null) return "";
        // The username is bound as a parameter, never concatenated into the SQL text.
        string sqlStr = "SELECT email FROM users WHERE username = @username;";
        using (SqlConnection dbConn = new SqlConnection(connStr))
        using (SqlCommand dbCommand = new SqlCommand(sqlStr, dbConn))
        {
            dbCommand.Parameters.Add("@username", SqlDbType.VarChar).Value = username;
            dbConn.Open();
            using (SqlDataReader dbReader = dbCommand.ExecuteReader())
            {
                // An unknown username yields an empty string instead of an exception.
                return dbReader.Read() ? dbReader[0].ToString() : "";
            }
        }
    }
}


As you can see, there's nothing difficult about our code. It's composed from what we've covered throughout this article. If you add your own functionality and make it available on the web (or even register it on UDDI), then it's a complete authentication web service. This will allow other sites to incorporate our demo login system and centralize user information.

Our mini passport web service

About the author

James Yang Australia

James is a student at Georgia Institute of Technology, majoring in Computer Science. He is an MCSE, MCDBA, MCSA and CCNA.
