Web service
Web Service(WS) Security Tutorial with SOAP Example
What is WS Security? WS Security is a standard that addresses security when data is exchanged as part of...
SOAP is an XML-based protocol for accessing web services over HTTP. It has some specification which could be used across all applications.
SOAP is known as the Simple Object Access Protocol, but in later times was just shortened to SOAP v1.2. SOAP is a protocol or in other words is a definition of how web services talk to each other or talk to client applications that invoke them.
SOAP was developed as an intermediate language so that applications built on various programming languages could talk easily to each other and avoid the extreme development effort.
In this SOAP Web services tutorial, you will learn-
In today's world, there is huge number of applications which are built on different programming languages. For example, there could be a web application designed in Java, another in .Net and another in PHP.
Exchanging data between applications is crucial in today's networked world. But data exchange between these heterogeneous applications would be complex. So will be the complexity of the code to accomplish this data exchange.
One of the methods used to combat this complexity is to use XML (Extensible Markup Language) as the intermediate language for exchanging data between applications.
Every programming language can understand the XML markup language. Hence, XML was used as the underlying medium for data exchange.
But there are no standard specifications on use of XML across all programming languages for data exchange. That is where SOAP software comes in.
SOAP was designed to work with XML over HTTP and have some sort of specification which could be used across all applications. We will look into further details on the SOAP protocol in the subsequent chapters.
SOAP is the protocol used for data interchange between applications. Below are some of the reasons as to why SOAP is used.
The SOAP specification defines something known as a "SOAP message" which is what is sent to the web service and the client application.
The below diagram of SOAP architecture shows the various building blocks of a SOAP Message.
The SOAP message is nothing but a mere XML document which has the below components.
A simple SOAP service example of a complex type is shown below.
Suppose we wanted to send a structured data type which had a combination of a "Tutorial Name" and a "Tutorial Description," then we would define the complex type as shown below.
The complex type is defined by the element tag <xsd:complexType>. All of the required elements of the structure along with their respective data types are then defined in the complex type collection.
<xsd:complexType> <xsd:sequence> <xsd:element name="Tutorial Name" type="string"/> <xsd:element name="Tutorial Description" type="string"/> </xsd:sequence> </xsd:complexType>
<soap:Body> <GetTutorialInfo> <TutorialName>Web Services</TutorialName> <TutorialDescription>All about web services</TutorialDescription> </GetTutorialInfo> </soap:Body>
One thing to note is that SOAP messages are normally auto-generated by the web service when it is called.
Whenever a client application calls a method in the web service, the web service will automatically generate a SOAP message which will have the necessary details of the data which will be sent from the web service to the client application.
As discussed in the previous topic of this SOAP tutorial, a simple SOAP Message has the following elements –
Let's look at an example below of a simple SOAP message and see what element actually does.
Now, the above SOAP message will be passed between the web service and the client application.
You can see how useful the above information is to the client application. The SOAP message tells the client application what is the name of the Web service, and also what parameters it expects and also what is the type of each parameter which is taken by the web service.
The first bit of the building block is the SOAP Envelope.
The SOAP Envelope is used to encapsulate all of the necessary details of the SOAP messages, which are exchanged between the web service and the client application.
The SOAP envelope element is used to indicate the beginning and end of a SOAP message. This enables the client application which calls the web service to know when the SOAP message ends.
The following points can be noted on the SOAP envelope element.
Below is an SOAP API example of version 1.2 of the SOAP envelope element.
<?xml version="1.0"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://www.w3.org/2001/12/soap-envelope" SOAP-ENV:encodingStyle=" http://www.w3.org/2001/12/soap-encoding"> <soap:Body> <Guru99WebService xmlns="http://tempuri.org/"> <TutorialID>int</TutorialID> </Guru99WebService> </soap:Body> </SOAP-ENV:Envelope>
The Fault message
When a request is made to a SOAP web service, the response returned can be of either 2 forms which are a successful response or an error response. When a success is generated, the response from the server will always be a SOAP message. But if SOAP faults are generated, they are returned as "HTTP 500" errors.
The SOAP Fault message consists of the following elements.
Example for Fault Message
An example of a fault message is given below. The error is generated if the scenario wherein the client tries to use a method called TutorialID in the class GetTutorial.
The below fault message gets generated in the event that the method does not exist in the defined class.
<?xml version='1.0' encoding='UTF-8'?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance" xmlns:xsd="http://www.w3.org/1999/XMLSchema"> <SOAP-ENV:Body> <SOAP-ENV:Fault> <faultcode xsi:type="xsd:string">SOAP-ENV:Client</faultcode> <faultstring xsi:type="xsd:string"> Failed to locate method (GetTutorialID) in class (GetTutorial) </faultstring> </SOAP-ENV:Fault> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
Output:
When you execute the above code, it will show the error like "Failed to locate method (GetTutorialID) in class (GetTutorial)"
All communication by SOAP is done via the HTTP protocol. Prior to SOAP, a lot of web services used the standard RPC (Remote Procedure Call) style for communication. This was the simplest type of communication, but it had a lot of limitations.
Now in this SOAP API tutorial, let's consider the below diagram to see how this communication works. In this example, let's assume the server hosts a web service which provided 2 methods as
In the normal RPC style communication, the client would just call the methods in its request and send the required parameters to the server, and the server would then send the desired response.
The above communication model has the below serious limitations
To overcome all of the limitations cited above, SOAP would then use the below communication model
Now in this SoapUI tutorial, let's see a practical SOAP example,
Probably one of the best ways to see how SOAP messages get generated is to actually see a web service in action.
This topic will look at using the Microsoft.Net framework to build an ASMX web service. This type of web service supports both SOAP version 1.1 and version 1.2.
ASMX web services automatically generate the Web Service Definition Language (WSDL) document. This WSDL document is required by the calling client application so that the application knows what the web service is capable of doing.
In our example, we are going to create a simple web service, which will be used to return a string to the application which calls the web service.
This web service will be hosted in an Asp.Net web application. We will then invoke the web service and see the result that is returned by the web service.
Visual Studio will also show us what the SOAP message being passed between the web service and the calling application.
The first pre-requisite to setup our Web service application which can be done by following the below steps.
Please ensure that you have Visual Studio 2013 installed on your system for this example.
Step 1) The first step is to create an empty ASP.Net Web application. From Visual Studio 2013, click on the menu option File->New project.
Once you click on the New Project option, Visual Studio will then give you another dialog box for choosing the type of project and to give the necessary details of the project. This is explained in the next step.
Step 2) In this step,
Once done you will see the project file created in your solution explorer in Visual Studio 2013.
Step 3) In this step,
We are going to add a Web service file to our project
Step 4) Add the following code to your Tutorial Service asmx file.
Code Explanation:
If the code is executed successfully, the following Output will be shown when you run your code in the browser.
Output:
The above output,
The SOAP request which is generated when the web service is called is shown below.
Code Explanation:
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <soap:Body> <Guru99WebServiceResponse xmlns="http://tempuri.org/"> <Guru99WebServiceResult>string</Guru99WebServiceResult> </Guru99WebServiceResponse> </soap:Body> </soap:Envelope>
Code Explanation:
Summary
What is WS Security? WS Security is a standard that addresses security when data is exchanged as part of...
What is SOAP? SOAP is a protocol which was designed before REST and came into the picture. The...
What is Restful Web Services? Restful Web Services is a lightweight, maintainable, and scalable...
A service-oriented architecture (SOA) is an architectural pattern in computer software design in...
What is JSON? JSON is used to store information in an organized, and easy-to-access manner. Its...
What is SOA? SOA is an architectural pattern in computer software design. In this type of...