While working with web services one of the commonly faced question is - How do I secure my web service? One aspect of security is preventing anonymous access to the web service. This can be done in various ways such as passing user id and password with each web method call. One elegant alternative is to use SOAP headers to pass this authentication information. This code sample shows how to use SOAP headers to pass authentication information to the web service.
About SOAP Headers
Every SOAP message consists of SOAP body and optional header. SOAP header serve similar purpose as familiar HTTP headers such as passing some information. Note that SOAP headers are passed as plain text over the network. This means that if you need strong security measures you may not like to use them without some kind of encryption.
About Sample Source Code
A ZIP file is provided with this article for download. The ZIP contains two VS.NET projects - web service and web service client. The client passes user information such as User ID and Password in the SOAP headers to the web service. The web service then authenticates the user and sends back response accordingly.