Listing H
'##############################################################################
' Author: Kevin Koch
' Description:  This class represents a web service providing functionality
'              regarding Orders. The web service is locked down and secured
'              through its Web.config file residing in the /ws/ directory.
'               Authentication is provided via a custom soap header which must
'               be present in each method invocation
'##############################################################################
 
 
 
 
Imports System.Web.Services
Imports System.Web.Security
Imports System.Web.Services.Protocols
 
 
 
 
' Class defining the SOAP Header security context for this Web Service
Public Class OrderSecurityContext
    Inherits SoapHeader
 
 
    Public ClientId As Int32
    Public WSToken As String
 
 
End Class
 
 
 
 
<WebService(Namespace:="http://tempuri.org/")> _
Public Class OrderWS
    Inherits System.Web.Services.WebService
 
 
#Region " Web Services Designer Generated Code "
 
 
    Public Sub New()
        MyBase.New()
 
 
        'This call is required by the Web Services Designer.
        InitializeComponent()
 
 
        'Add your own initialization code after the InitializeComponent() call
 
 
    End Sub
 
 
    'Required by the Web Services Designer
    Private components As System.ComponentModel.IContainer
 
 
    'NOTE: The following procedure is required by the Web Services Designer
    'It can be modified using the Web Services Designer. 
    'Do not modify it using the code editor.
    <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()
        components = New System.ComponentModel.Container()
    End Sub
 
 
    Protected Overloads Overrides Sub Dispose(ByVal disposing As Boolean)
        'CODEGEN: This procedure is required by the Web Services Designer
        'Do not modify it using the code editor.
        If disposing Then
            If Not (components Is Nothing) Then
                components.Dispose()
            End If
        End If
        MyBase.Dispose(disposing)
    End Sub
 
 
#End Region
 
 
 
 
    Public OrderSecurityCtx As OrderSecurityContext
 
 
    Private Const CLASS_NAME As String = "OrderWS"
    Private WebUtil As New WSUtil()
 
 
 
 
    '================================================================================================================================
    ' This method uses the SOAP Header parameters to determine the web service consumer
    ' If authenticated, the method creates a new customer order
    '================================================================================================================================
    <WebMethod(), SoapHeader("OrderSecurityCtx", Required:=True)> _
    Public Function CreateOrder(ByVal OrderId As Int32, ByVal BookIds As ArrayList) As Boolean
        Const METHOD_NAME As String = "CreateOrder"
        Try
            If WebUtil.Authenticate(OrderSecurityCtx) = False Then Throw New System.Security.SecurityException("Unauthorized access")
 
 
            Dim OrderObj As New OrderServices()
            OrderObj.CreateOrder(OrderId, BookIds, OrderSecurityCtx.ClientId)
 
 
            Return True
 
 
        Catch BizEx As BizTierException
           'Exception has already been logged, just throw it to the consumer
            Throw BizEx
        Catch DbEx As DbTierException
            'Exception has already been logged, just throw it to the consumer
            Throw DbEx
        Catch ex As Exception
            Log.WriteLogEntry(ex, Me.CLASS_NAME, METHOD_NAME)
            Throw New WSException(ex.Message, ex)
        End Try
 
 
    End Function
 
 
 
 
    '================================================================================================================================
    ' This method uses the SOAP Header parameters to determine the web service consumer
    ' If authenticated, the method searches orders based on the parameter criteria
    '================================================================================================================================
    <WebMethod(), SoapHeader("OrderSecurityCtx", Required:=True)> _
    Public Function GetOrders(ByVal OrderId As Int32, ByVal OrderStatus As String, ByVal ClientId As Int32) As DataSet
        Const METHOD_NAME As String = "CreateOrder"
        Try
            If WebUtil.Authenticate(OrderSecurityCtx) = False Then Throw New System.Security.SecurityException("Unauthorized access")
 
 
            Dim OrderObj As New OrderServices()
            Return OrderObj.GetOrders(OrderId, OrderStatus, ClientId)
 
 
        Catch BizEx As BizTierException
            'Exception has already been logged, just throw it to the consumer
            Throw BizEx
        Catch DbEx As DbTierException
            'Exception has already been logged, just throw it to the consumer
            Throw DbEx
        Catch ex As Exception
            Log.WriteLogEntry(ex, Me.CLASS_NAME, METHOD_NAME)
            Throw New WSException(ex.Message, ex)
        End Try
 
 
    End Function
 
 
 
 
 
 
End Class