When you think ASP, think...
Recent Articles
All Articles
ASP.NET Articles
ASPFAQs.com
Message Board
Related Web Technologies
User Tips!
Coding Tips
Search

Sections:
Book Reviews
Sample Chapters
Commonly Asked Message Board Questions
JavaScript Tutorials
MSDN Communities Hub
Official Docs
Security
Stump the SQL Guru!
Web Hosts
XML
Information:
Advertise
Feedback
Author an Article
Jobs

ASP ASP.NET ASP FAQs Message Board Feedback ASP Jobs
 
Print this Page!
Published: Wednesday, June 26, 2002

Creating and Consuming a Web Service

By Scott Mitchell


For More Information on Web Services...
This article assumes a basic understanding of Web Services. For a high-level introduction to Web Services be sure to read the following articles:

- continued -

Introduction


One of the most powerful aspects of .NET is the ease with which one can create Web Services. A Web Service is an external interface provided by a Web site that can be called from other Web sites. For example, a financial company may make up to the minute stock quotes available via a Web Service for those who do their trading with that company. This information could be read from a Web page and displayed, or read from a stand-alone application on a customer's desktop computer.

In this article we'll examine the two parts of a Web Service: how to create it and how to consume it. Specifically, we'll be creating a Web Service that exposes the FAQs from ASPFAQs.com.

Creating the Web Service


When creating a Web Service you must ask yourself, "What service am I trying to provide my users?" The goal of this article is to create a Web Service that will allow other Web sites to provide a listing of the FAQs from ASPFAQs.com on their site. Ideally, I want to restrict other sites to only being able to view the listing of FAQ categories and the FAQs by category. If they wish to view an "Answer" to a FAQ, I want the user to have to visit www.aspfaqs.com. Formally, my Web Service should provide other Web sites the ability to:

  1. View a listing of all of the FAQ categories
  2. View a listing of all of the FAQs for a particular category
  3. View the "Question" (but not the Answer) for a particular FAQ

Creating Web Services is quite simple. Start by creating a .asmx file (either through Visual Studio .NET or your favorite text editor (may I suggest Web Matrix, which has a template for creating Web Services)). The Web Service is created as an ordinary class; the methods that have the <WebMethod()> macro before them indicate the method is accessible via the Web Service.

For the ASPFAQs.com Web Service, we will create three Web Service-accessible methods: GetCategories, GetFAQsInCategory, and GetFAQ, which perform the tasks (1), (2), and (3) outlined above, respectively. A private helper function, GetDataSet, is also included, which essentially populates a DataSet based on a passed in SQL query. The code for our Web Service class can be seen below:

<%@ WebService Language="VB" Class="ASPFAQs" %>
Imports System.Web.Services
Imports System.Data
Imports System.Data.SqlClient
Imports System.Configuration

Public Class ASPFAQs
  Private Function GetDataSet(strSQL as String) as DataSet
    '1. Create a connection
    Dim myConnection as New SqlConnection(ConnectionString)

    '2. Create the command object, passing in the SQL string    
    Dim myCommand as New SqlCommand(strSQL, myConnection)

    myConnection.Open()

    '3. Create the DataAdapter
    Dim myDataAdapter as New SqlDataAdapter()
    myDataAdapter.SelectCommand = myCommand


    '4. Populate the DataSet and close the connection
    Dim myDataSet as New DataSet()
    myDataAdapter.Fill(myDataSet)
    myConnection.Close()
    
    'Return the DataSet
    Return myDataSet  
  End Function
    

  <WebMethod()> Public Function GetCategories() as DataSet
    Return GetDataSet(SQL Query for Retrieving the FAQ Categories)
  End Function


  <WebMethod()> Public Function GetFAQsInCategory(catID as Integer) as DataSet
    Return GetDataSet(SQL Query for Retrieving the FAQs for Category catID)
  End Function
  

  <WebMethod()> Public Function GetFAQ(FAQID as Integer) as DataSet
    Return GetDataSet(SQL Query for Retrieving the FAQ FAQID)
  End Function
End Class

Some things to note: the three Web Service-accessible methods are predicated with <WebMethod()>; at the top of the .asmx file is a @WebService directive that specifies the language and class in the file; the Web Service is named ASPFAQs, as shown by the class name. Once you have created this .asmx file and stored it on a Web-accessible directory, you can view the methods by visiting the page directly through your Web browser. For example, I named my Web Service file ASPFAQs.asmx and saved it in the /ws directory; so, by visiting http://aspnet.4guysfromrolla.com/ws/ASPFAQs.asmx, you can see a listing of the Web Method's public methods. Furthermore, you can "try out" the Web Methods by providing input parameters and viewing the returned results.

If you read last week's Protecting Yourself from SQL Injection Attacks article you may be concerned that in using Web Services that accept parameters that are used directly in a SQL statement you are opening yourself up to a SQL Injection attack. (The GetFAQsInCategory and GetFAQ are two such methods that may concern the alert reader.) However, SQL Injection attack is not a problem here because the Web Service code automatically ensures that the input parameter is of the correct type, which is Integer here. Hence, if a malicious user attempts to pass to the Web Service an input parameter of, say, 0 'malicious SQL statement, an error message like Cannot convert 0 'malicious SQL to System.Int32. Parameter name: type --> Input string was not in a correct format will be returned. If, however, the input string is of type String, you should be sure to sanitize the input string by replacing all single apostrophes with two successive single apostrophes.

As the creator of the Web Service, our job is done - we've created the Web Service and other Web sites can now use it through their Web site. You may be wondering, though, how a Web Service can be "consumed" by another Web site. In Part 2 we'll examine how this can be easily accomplished using Visual Studio .NET. Read on to learn more!

  • Read Part 2!



  • ASP.NET [1.x] [2.0] | ASPMessageboard.com | ASPFAQs.com | Advertise | Feedback | Author an Article