Re: use SOAP header for asp.net session state

Thank for all your responses.

Some background here. We are creating web services for our customer to get data in and out of the system. The web services can be consumed by any type of applications.

I totally agree the web services should stateless, and currently we actually don't need to maintain state between the calls.

We are planning to create a custom authentication ticket, which will be passed within SOAP header. I am not looking for a solution to use SOAP header to maintain "cookie", I am just want to make sure ASP.NET doesn't support SOAP header based session management, and we won't encounter any compatibility issue in the future if we do need to maintain session state for some odd reasons.

Interesting enough, I believe SQL server 2005 web services is actually using SOAP header to maintain session state. The SQL Server Reporting Services also saves execution ID, which is equivalent to session id, in SOAP header to maintain session state. That's why I really want to make sure SOAP header is not a valid session state management option is ASP.NET 2.0

Other alternative approaches, which provide minimum state management, are very welcome.


Thanks


"Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message news:b6mnx0ICHHA.4752@xxxxxxxxxxxxxxxxxxxxxxxx
Thanks for John's input.

Hi InvalidLastName,

I agree with John, actually XML webservice is designed as stateless and
connectionless. As for both application Cache or SessionState, they're
specific to the ASP.NET web application, ASP.NET include it in case both
the client and server-side use .net framework. When use SessionState, if
you use .net framework to generate the client proxy, it will use the
HttpWebRequest class to send/receive webservice request/response SOAP
message. And for HttpWebRequest class, it has a Cookie property which is of
CookieContainer type. This is how .net webservice client proxy keep the
cookie returned from server-side ASP.NET webservice(if we've used).

So the problem here is whether your webservice will be consumed by any
other non-dotnet platform? If so, using cookie is not a good idea, and so
far I haven't found any standard specification on use SOAP Header to
maintain cookie since it is not included in the webservice standard.

BTW, would you provide some further details on your scenario and why you
would use cookie (to keep any state) in your webservice client & server? I
think we may have a look for some other alternative approachs.

Please feel free to post here if you have any questions or other concerns.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no rights.

Relevant Pages

  • Re: use SOAP header for asp.net session state
    ... HttpWebRequest class to send/receive webservice request/response SOAP ... cookie returned from server-side ASP.NET webservice. ... Microsoft MSDN Online Support Lead ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: publishing Hello World to local IIS
    ... "Decorate" means to beautify to me and I was at a loss as to how that worked with web services. ... The "WebMethodAttribute" I mentioned is used to indicate that a certain class method of the webservice class should be exposed as "webmethod". ... Public Function HelloWorld() As String ... Public Class Service1 ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: Dynamic binding in webservices
    ... My code uses web services to transfer some secure data over SSL. ... webservice which is triggered by an asp page. ... Then to work wiht the XML ... > you can use the classes from the System.Xml namespace. ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: Dynamic binding in webservices
    ... > My code uses web services to transfer some secure data over SSL. ... > webservice which is triggered by an asp page. ... Then to work wiht the XML ... >> you can use the classes from the System.Xml namespace (like ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • RE: Finding "uncataloged" Web Services?
    ... Microsoft MSDN Online Support Lead ... where an initial response from the community or a Microsoft Support ... We are trying to catalog our internal web services. ... but in some cases we may have multiple URL's on servers. ...
    (microsoft.public.dotnet.xml)