I want to (a) capture every SOAP request and log them and (b) implement
security for a web service which just entails hitting a database for a
username and password. The web service allows all 3 protocols (SOAP, POST,
GET).

For the (a) logging of SOAP requests, I was planning on just using a SOAP
Extension. For the (b)security, what would be the best way to implement? I'm
trying to avoid the obvious(easiest) way of adding the username and password
to each method. I was thinking about passing the security info in the headers.
The SOAP Header is a no-brainer, but are there problems with passing the
info in the headers for POST and GET that anyone could elaborate on?

If this is a viable option, would I need to implement something like a custom
HttpModule to "intercept' the requests (which could "parse" the request and
extract the info depending on what is being sent)?

Any advice or snippets of code that you have seen (I admittedly have never
done this before) would be appreciated.


--
Message posted via DotNetMonster.com
[url]http://www.dotnetmonster.com/Uwe/Forums.aspx/dotnet-webservices/200507/1[/url]