ASP.NET

Building XML Web Services Using C# and ASP.NET

The term "web service" has been used quite frequently lately: you hear people saying how good web services are and how they will dominate the future of software development, but what exactly are web services and how can we create them? In this article James shows us how to build two web services and also unravels all of the lingo surrounding web services.

Author Info:

By: James Yang

Poor Best

Rating:

/ 78

March 29, 2002

TABLE OF CONTENTS:

· Building XML Web Services Using C# and ASP.NET
· What is a web service?
· A simple web service
· Other web service features
· Real world application
· Conclusion

Building XML Web Services Using C# and ASP.NET - Real world application
(Page 5 of 6 )

Well, we've learnt all of the fundamentals for building web services. It's time to put what we've learnt into practice by designing a real world example. The example application we're about to create will not contain properties, because Microsoft recommends a web service be stateless whenever possible.

We are going to make a stripped-down version of Passport. Our version will contain seven methods:

bool Authenticate (string username, string password): This method will authenticate a user and return true if authenticated and false if not.
bool AddUser (string username, string password, string name, string email): This method will add a user to the database. If successful, the method will return true, if not the method will return false.
bool DeleteUser (string username): Will delete a user from the database. If successful the method will return true, if not the method will return false.
bool EditUser (string username, string name, string email): This method will edit the user information. If successful the method will return true, if not the method will return false.
bool ChangePassword (string username, string password): This method will change a user’s password. If successful the method will return true, if not the method will return false.
string ReturnName (string username): this method returns a users name.
string ReturnEmail (string username): this method returns a users email.

Our example makes use of an SQL server database. Use the following TSQL in query analyzer to create our database (In our example I will assume that SQL Server is installed on the same machine as where the web service will reside):

CREATE DATABASE minipassport

GO

CREATE TABLE Users (

UserName varchar (10) Primary Key NOT NULL ,

Name varchar (50) NOT NULL ,

EMail varchar (100) NOT NULL ,

Password varchar (10) NOT NULL

) ON PRIMARY

GO

The code for our web service looks like this:

<%@ WebService class = "miniPassport" Language="C#" Debug = "true"%>

using System;

using System.Data;

using System.Data.SqlClient;

using System.Web.Services;

[WebService(Name ="Mini Passport", Description="Web Service to Authenticate and Manage Users", Namespace = "devArticles")]

public class miniPassport

{

const string connStr = "server=127.0.0.1;uid=sa;pwd=;database=minipassport";

[WebMethod(Description = "Method to Authenticate Users")]

public bool Authenticate(string username, string password)

{

SqlConnection dbConn = new SqlConnection(connStr);

string sqlStr = "Select password from users where username = '" + username + "';";

dbConn.Open();

SqlCommand dbCommand = new SqlCommand(sqlStr,dbConn);

SqlDataReader dbReader = dbCommand.ExecuteReader();

bool returnBool;

if (dbReader.Read())

{

if (dbReader[0].ToString()==password)

{

returnBool = true;

}

else

{

returnBool = false;

}

}

else

{

returnBool=false;

}

dbReader.Close();

dbConn.Close();

return returnBool;

}

[WebMethod(Description = "Method to Add User")]

public bool AddUser(string username, string password, string name, string email)

{

bool returnBool = false;

SqlConnection dbConn = new SqlConnection(connStr);

string sqlStr = "INSERT INTO users(username,password,name,email) values('" + username + "', '" + password + "', '" + name + "', '" + email + "');";

SqlCommand dbCommand = new SqlCommand(sqlStr,dbConn);

try

{

dbConn.Open();

if (dbCommand.ExecuteNonQuery()!=0)

{

returnBool=true;

}

returnBool=true;

}

catch

{

returnBool=false;

}

dbConn.Close();

return returnBool;

}

[WebMethod(Description = "Method to Delete User")]

public bool DeleteUser(string username)

{

bool returnBool = false;

SqlConnection dbConn = new SqlConnection(connStr);

string sqlStr = "DELETE FROM users where username = '" + username +"';";

SqlCommand dbCommand = new SqlCommand(sqlStr,dbConn);

try

{

dbConn.Open();

if (dbCommand.ExecuteNonQuery()!=0)

{

returnBool=true;

}

}

catch

{

returnBool=false;

}

dbConn.Close();

return returnBool;

}

[WebMethod(Description = "Method to Edit User Information")]

public bool EditUser(string username, string name, string email)

{

bool returnBool = false;

SqlConnection dbConn = new SqlConnection(connStr);

string sqlStr = "UPDATE users SET username = '" + username +"',name = '"+name+"',email= '"+email+"';";

SqlCommand dbCommand = new SqlCommand(sqlStr,dbConn);

try

{

dbConn.Open();

if (dbCommand.ExecuteNonQuery()!=0)

{

returnBool=true;

}

}

catch

{

returnBool=false;

}

dbConn.Close();

return returnBool;

}

[WebMethod(Description = "Method to Change User Password")]

public bool ChangePassword(string username, string password)

{

bool returnBool = false;

SqlConnection dbConn = new SqlConnection(connStr);

string sqlStr = "UPDATE users SET password = '"+password+"';";

SqlCommand dbCommand = new SqlCommand(sqlStr,dbConn);

try

{

dbConn.Open();

if (dbCommand.ExecuteNonQuery()!=0)

{

returnBool=true;

}

}

catch

{

returnBool=false;

}

dbConn.Close();

return returnBool;

}

[WebMethod(Description = "Method to Obtain User Name")]

public string ReturnName(string username)

{

SqlConnection dbConn = new SqlConnection(connStr);

string sqlStr = "Select Name from users where username = '" + username + "';";

dbConn.Open();

SqlCommand dbCommand = new SqlCommand(sqlStr,dbConn);

SqlDataReader dbReader = dbCommand.ExecuteReader();

dbReader.Read();

string _name = dbReader[0].ToString();

dbReader.Close();

dbConn.Close();

return _name;

}

[WebMethod(Description = "Method to obtain User Email Address")]

public string ReturnEmail(string username)

{

SqlConnection dbConn = new SqlConnection(connStr);

string sqlStr = "Select email from users where username = '" + username + "';";

dbConn.Open();

SqlCommand dbCommand = new SqlCommand(sqlStr,dbConn);

SqlDataReader dbReader = dbCommand.ExecuteReader();

dbReader.Read();

string _name = dbReader[0].ToString();

dbReader.Close();

dbConn.Close();

return _name;

}

}

As you can see, there's nothing difficult about our code. It's composed from what we've covered throughout this article. If you add your own functionality and make it available on the web (or even register it on UDDI), then it's a complete authentication web service. This will allow other sites to incorporate our demo login system and centralize user information.

Our mini passport web service