<WebMethod()> Public Function HelloWorld() As String
Try
Dim requestCtx As SoapContext = HttpSoapContext.RequestContext
If requestCtx Is Nothing Then
Throw New ApplicationException("Only SOAP requests are
allowed")
End If
If Validate(requestCtx) = False Then
Throw New SoapException("Security token specified was not
valid", New System.Xml.XmlQualifiedName("Bad.Tokens",
http://localhost/securitytester/"))
End If
Dim responseCtx As SoapContext = HttpSoapContext.ResponseContext
responseCtx.Timestamp.Ttl = 60000
Return "HelloWorld"
Catch ex As Exception
Throw ex
End Try
End Function
Private Function Validate(ByVal Ctx As SoapContext) As Boolean
' If no security tokens are present, return false immediately
If Ctx.Security.Tokens.Count = 0 Then Return False
Dim valid As Boolean
Dim Count As Int16 = 0
For Count = 0 To Ctx.Security.Elements.Count - 1
Dim signature As Signature = Ctx.Security.Elements(Count)
If Not signature Is Nothing And signature.IncludesSoapBody Then
Dim UserToken As UsernameToken = signature.SecurityToken
If Not UserToken Is Nothing Then
Dim UserName As String = UserToken.Username
' Empty code block, this is where you would validate the
UserName value itself against a datastore
valid = True
End If
End If
Next
Return valid
End Function
