Listing D
'##############################################################################
' Author: Kevin Koch
' Description:  This class represents a web service providing functionality
'              regarding Orders. The Web service is locked down and secured
'              through its Web.config file residing in the /ws/ directory.
'               Authentication is provided via a custom soap header, which must
'              be present in each method invocation.
'##############################################################################
 
 
 
 
 
 
Imports System.Web.Services
Imports System.Web.Security
Imports System.Web.Services.Protocols
Imports System.Threading
 
 
 
 
' Class defining the SOAP Header security context for this Web Service
Public Class OrderSecurityContext
    Inherits SoapHeader
 
 
    Public WSToken As String
 
 
End Class
 
 
 
 
<WebService(Namespace:="http://tempuri.org/")> _
Public Class OrderWS
    Inherits System.Web.Services.WebService
 
 
#Region " Web Services Designer Generated Code "
 
 
    Public Sub New()
        MyBase.New()
 
 
        'This call is required by the Web Services Designer.
        InitializeComponent()
 
 
       'Add your own initialization code after the InitializeComponent() call
 
 
    End Sub
 
 
    'Required by the Web Services Designer
    Private components As System.ComponentModel.IContainer
 
 
    'NOTE: The following procedure is required by the Web Services Designer
    'It can be modified using the Web Services Designer.
    'Do not modify it using the code editor.
    <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()
        components = New System.ComponentModel.Container()
    End Sub
 
 
    Protected Overloads Overrides Sub Dispose(ByVal disposing As Boolean)
        'CODEGEN: This procedure is required by the Web Services Designer
        'Do not modify it using the code editor.
        If disposing Then
            If Not (components Is Nothing) Then
                components.Dispose()
            End If
        End If
        MyBase.Dispose(disposing)
    End Sub
 
 
#End Region
 
 
 
 
    Public OrderSecurityCtx As OrderSecurityContext
 
 
    Private Const CLASS_NAME As String = "OrderWS"
    Private WebUtil As New WSUtil()
 
 
 
 
    '================================================================================================================================
   ' This method uses the SOAP Header parameters to determine the Web service consumer.
   ' If authenticated, the method creates a new customer order.
    ' The information regarding the order and the books contained in the order as passed to us from John's app in the OrderDs parameter
    '================================================================================================================================
    <WebMethod(), SoapHeader("OrderSecurityCtx", Required:=True)> _
    Public Function ConfirmOrder(ByVal OrderId As Int32, ByVal OrderDs As DataSet) As Int32
       Const METHOD_NAME As String = "ConfirmOrder"
        Try
            If WebUtil.Authenticate(OrderSecurityCtx) = False Then Throw New System.Security.SecurityException("Unauthorized access")
 
 
            ' Ensure the Id is valid
            Utils.Assert(OrderId)
 
 
            Dim OrderObj As New OrderServices()
            ' Complete the order and retrieve the customer Id who placed the order
            Dim CustIdDs As DataSet = OrderObj.ConfirmOrder(OrderId)
 
 
            ' Retrieve the full profile of the customer who placed this order and email them confirmation
            Dim CustObj As New CustomerServices()
            Dim CustDs As DataSet = CustObj.GetCustomerById(Convert.ToInt32(CustIdDs.Tables(0).Rows(0).Item(CustomerDb.FIELD_CUSTOMER_ID)))
 
 
           With CustDs.Tables(0).Rows(0)
                Dim EmailObj As New EmailUtil(OrderDs, .Item(CustomerDb.FIELD_EMAIL), .Item(CustomerDb.FIELD_FIRST_NAME) + " " + .Item(CustomerDb.FIELD_LAST_NAME))
                Dim asyncOpIsDone As New AutoResetEvent(False)
                ThreadPool.QueueUserWorkItem(New WaitCallback(AddressOf EmailObj.SendCompletedOrderConfirmation), asyncOpIsDone)
            End With
 
 
            Return OrderId
 
 
        Catch BizEx As BizTierException
            'Exception has already been logged, just throw it to the consumer
            Throw BizEx
        Catch DbEx As DbTierException
            'Exception has already been logged, just throw it to the consumer
            Throw DbEx
        Catch ex As Exception
            Log.WriteLogEntry(ex, Me.CLASS_NAME, METHOD_NAME)
            Throw New WSException(ex.Message, ex)
        End Try
 
 
    End Function
 
 
 
 
End Class