Well, we've learnt all of the fundamentals for building web services. It's time to put what we've learnt into practice by designing a real world example. The example application we're about to create will not contain properties, because Microsoft recommends a web service be stateless whenever possible.
We are going to make a stripped-down version of Passport. Our version will contain seven methods:
- bool Authenticate (string username, string password): This method will authenticate a user and return true if authenticated and false if not.
- bool AddUser (string username, string password, string name, string email): This method will add a user to the database. If successful, the method will return true, if not the method will return false.
- bool DeleteUser (string username): Will delete a user from the database. If successful the method will return true, if not the method will return false.
- bool EditUser (string username, string name, string email): This method will edit the user information. If successful the method will return true, if not the method will return false.
- bool ChangePassword (string username, string password): This method will change a user’s password. If successful the method will return true, if not the method will return false.
- string ReturnName (string username): This method returns a user's name (null if no such user exists).
- string ReturnEmail (string username): This method returns a user's e-mail address (null if no such user exists).
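CREATE DATABASE minipassport
GO
-- Switch into the new database first: without this the table is created in
-- whatever database the session started in (typically master), not minipassport.
USE minipassport
GO
CREATE TABLE Users (
    UserName varchar (10) Primary Key NOT NULL ,
    Name varchar (50) NOT NULL ,
    EMail varchar (100) NOT NULL ,
    -- Widened from varchar(10): this column should hold a salted password hash
    -- (far longer than 10 characters), never the plaintext password.
    Password varchar (128) NOT NULL
) ON PRIMARY
GO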
The code for our web service looks like this (the Debug="true" attribute on the directive is convenient while developing, but should be removed before deployment so that callers do not receive detailed error information):
<%@ WebService class = "miniPassport" Language="C#" Debug = "true"%>
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web.Services;
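[WebService(Name ="Mini Passport", Description="Web Service to Authenticate and Manage Users", Namespace = "devArticles")]
public class miniPassport
{
    // SECURITY: this embeds the 'sa' login with an empty password. Deploy with a
    // dedicated, least-privilege SQL login (or integrated security) and keep the
    // credentials in configuration, not in source.
    const string connStr = "server=127.0.0.1;uid=sa;pwd=;database=minipassport";

    // SECURITY: none of the web methods below checks who is calling. Anyone who
    // can reach the endpoint can add, delete or modify any user and read any
    // user's name and e-mail. The signatures carry no caller credentials, so the
    // service must sit behind HTTPS and a caller-authentication scheme before it
    // is exposed.

    /// <summary>
    /// Returns a value usable as a SqlParameter value: DBNull for null, so a null
    /// argument becomes SQL NULL instead of a "parameter not supplied" error.
    /// </summary>
    private static object DbValue(string value)
    {
        if (value == null)
        {
            return DBNull.Value;
        }
        return value;
    }

    /// <summary>
    /// Runs a query that takes a single @username parameter and returns the first
    /// column of the first row as a string, or null when no row matched.
    /// Connection and command are disposed even if the query throws.
    /// </summary>
    private static string LookupByUserName(string sqlStr, string username)
    {
        using (SqlConnection dbConn = new SqlConnection(connStr))
        {
            using (SqlCommand dbCommand = new SqlCommand(sqlStr, dbConn))
            {
                dbCommand.Parameters.Add(new SqlParameter("@username", DbValue(username)));
                dbConn.Open();
                object result = dbCommand.ExecuteScalar();
                if (result == null || result == DBNull.Value)
                {
                    return null;
                }
                return result.ToString();
            }
        }
    }

    /// <summary>
    /// Runs a parameterized INSERT/UPDATE/DELETE and reports whether at least one
    /// row was affected. A SqlException (e.g. duplicate username, NOT NULL
    /// violation, value too long for the column) is reported as false; other
    /// failures propagate to the caller.
    /// </summary>
    private static bool RunNonQuery(string sqlStr, SqlParameter[] parameters)
    {
        try
        {
            using (SqlConnection dbConn = new SqlConnection(connStr))
            {
                using (SqlCommand dbCommand = new SqlCommand(sqlStr, dbConn))
                {
                    for (int i = 0; i < parameters.Length; i++)
                    {
                        dbCommand.Parameters.Add(parameters[i]);
                    }
                    dbConn.Open();
                    return dbCommand.ExecuteNonQuery() != 0;
                }
            }
        }
        catch (SqlException)
        {
            return false;
        }
    }

    /// <summary>
    /// Returns true when a row with this username exists and its stored password
    /// equals <paramref name="password"/>; false for an unknown user or a mismatch.
    /// </summary>
    [WebMethod(Description = "Method to Authenticate Users")]
    public bool Authenticate(string username, string password)
    {
        string stored = LookupByUserName("SELECT password FROM users WHERE username = @username", username);
        if (stored == null)
        {
            return false;
        }
        // SECURITY: the schema stores the plaintext password, so this is a
        // plaintext comparison. The column should hold a salted hash and this
        // should verify the hash; that requires a schema change as well.
        return stored == password;
    }

    /// <summary>
    /// Inserts a new user. Returns false when the insert fails, e.g. the username
    /// already exists, a field is null, or a value is too long for its column.
    /// </summary>
    [WebMethod(Description = "Method to Add User")]
    public bool AddUser(string username, string password, string name, string email)
    {
        SqlParameter[] parameters = new SqlParameter[]
        {
            new SqlParameter("@username", DbValue(username)),
            new SqlParameter("@password", DbValue(password)),
            new SqlParameter("@name", DbValue(name)),
            new SqlParameter("@email", DbValue(email))
        };
        return RunNonQuery("INSERT INTO users(username,password,name,email) VALUES (@username, @password, @name, @email)", parameters);
    }

    /// <summary>
    /// Deletes the user with this username. Returns false when no row matched.
    /// </summary>
    [WebMethod(Description = "Method to Delete User")]
    public bool DeleteUser(string username)
    {
        SqlParameter[] parameters = new SqlParameter[]
        {
            new SqlParameter("@username", DbValue(username))
        };
        return RunNonQuery("DELETE FROM users WHERE username = @username", parameters);
    }

    /// <summary>
    /// Sets the name and e-mail of the user with this username. Only that user's
    /// row is touched; returns false when no row matched or a value is rejected.
    /// </summary>
    [WebMethod(Description = "Method to Edit User Information")]
    public bool EditUser(string username, string name, string email)
    {
        SqlParameter[] parameters = new SqlParameter[]
        {
            new SqlParameter("@username", DbValue(username)),
            new SqlParameter("@name", DbValue(name)),
            new SqlParameter("@email", DbValue(email))
        };
        return RunNonQuery("UPDATE users SET name = @name, email = @email WHERE username = @username", parameters);
    }

    /// <summary>
    /// Sets the password of the user with this username. Only that user's row is
    /// touched; returns false when no row matched or the value is rejected.
    /// SECURITY: the caller is not asked for the current password, so anyone who
    /// can reach this method can take over any account.
    /// </summary>
    [WebMethod(Description = "Method to Change User Password")]
    public bool ChangePassword(string username, string password)
    {
        SqlParameter[] parameters = new SqlParameter[]
        {
            new SqlParameter("@username", DbValue(username)),
            new SqlParameter("@password", DbValue(password))
        };
        return RunNonQuery("UPDATE users SET password = @password WHERE username = @username", parameters);
    }

    /// <summary>
    /// Returns the stored name of this user, or null when the user does not exist.
    /// </summary>
    [WebMethod(Description = "Method to Obtain User Name")]
    public string ReturnName(string username)
    {
        return LookupByUserName("SELECT Name FROM users WHERE username = @username", username);
    }

    /// <summary>
    /// Returns the stored e-mail of this user, or null when the user does not exist.
    /// </summary>
    [WebMethod(Description = "Method to obtain User Email Address")]
    public string ReturnEmail(string username)
    {
        return LookupByUserName("SELECT email FROM users WHERE username = @username", username);
    }
}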
As you can see, there's nothing difficult about our code. It's composed from what we've covered throughout this article. If you add your own functionality and make it available on the web (or even register it on UDDI), then it's a complete authentication web service. This will allow other sites to incorporate our demo login system and centralize user information. Before exposing it beyond a demo, though, note what this version deliberately leaves out: the methods that add, delete and modify users do not check who is calling them, passwords are stored and compared in plaintext rather than as salted hashes, and the SOAP requests themselves carry the password, so the service must only be reachable over HTTPS. Treat it as a starting point, not as production code.