Web Service

Web Service lets you set up metadata-driven Web Service queries that can be called by the ExecuteMethod web method in xWeb or the XslGenerator in CMS.

A Web Service consists of the following three records:

  • Web Method - A Web Service will have one or more Web Methods. Each Web Method is like a query. For example, you might have one web method that returns a list of events, another that returns a list of sessions for a particular event, and another that returns a list of Members based on search criteria.
  • Web Method Node - Each Web Method will have one Node. In the Node, you enter the SQL Command and any parameters that will be run. When a calling program such as ExecuteMethod invokes a particular Web Method, the SQL command in the Node is run and the results are returned as XML.
  • Web Method Security - Each Web Method may have one or more Security records that limit which Users can run the method. This security structure is used in different ways by different calling programs.

Web Service

The Web Service is the top record. Think of Web Service as a way to categorize or classify your Web Methods.

You will add a Web Service in the Toolkit module.


Enter the web service name and web service namespace.

Add Web Service Form

Web Method

A Web Service will have at least one Web Method and may have as many as desired.

  • Web Method - The name of the web method. Must be unique within the Web Service.
  • Notes - Used to record reference notes. For internal use only. Not accessed by any program.
  • Allow Anonymous Access - Used in different ways by different programs. XslGenerator ignores this. ExecuteMethod will not check Web Method Security if this check box is selected, but will still require the program to Authenticate. Abila recommends not selecting this check box.

Web Method Node

Web Method Security

Web Method Security is used in different ways by different programs.

  • If you are setting up a Web Method for XslGenerator, this section is ignored.
  • If you are setting up a Web Method for ExecuteMethod, then you should add any xWeb Users who are authorized to run this Web Method by entering their user name(s) in the Server IP field (do not be confused: you are entering a user name, not an IP address; this field is used differently for other applications). Add one record for each xWeb user. If you check the allow anonymous access check box for the web method, then you do not need to add any security records. We recommend NOT checking allow anonymous access, so that you can better manage your security.
  • If you are writing .NET code (see the DynamicXmlBuilder class), you use this security.

Set Up

Using the authorized web servers child form on the Web Method page, you may assign which users (via userName parameter in Authenticate method) are allowed to run which ExecuteMethod web methods.

ExecuteMethod will not allow a program to run the web method unless it has successfully authenticated with a valid userName/password, which in the nearby example is AVxWebUser.

With this approach, you could define many web methods but allow only certain users to run each web method. If a calling program passes a valid Token, but is not configured as an authorized user for that web method, then an exception will be thrown by the web method.

You may turn off this security for any web method by checking the allow anonymous access check box. Do not worry about the red warning on the page; selecting this check box will not actually make this method callable by anyone. Any program attempting to call this web service still must successfully call the Authenticate web method. ExecuteMethod does not implement table/column security in the way that GetQuery and other xWeb methods do. The assumption is that if you develop an ExecuteMethod web method definition, and permit a calling program to run it, then you are OK with the data that program will get from calling the web method.

Do not be confused that you are entering a username instead of an IP address in the Server IP field. Avectra is repurposing that field for this specific Web Method. This check box is implemented differently in DynamicXmlBuilder, so don't get confused by the different meaning of the check box on that page.

You may also enter the from date and through date. If left empty, access is indefinite. The server name is for internal reference and is not used by the system.

Metadata Caching

For the ExecuteMethod implementation of this feature, the Web Method Security setup is cached with a 10-minute sliding expiration, also for performance purposes. In other words, xWeb will check the database for permissions, then keep the result in memory for 10 minutes from the last time it was accessed.
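
The following added example (not vendor code) models the ExecuteMethod checks from Set Up together with the sliding cache from Metadata Caching, to show how long a removed security record can keep working. The class, the `GetEventList` method name, the exact-match user comparison and the inclusive date window are assumptions made for illustration.

```python
from datetime import date

SLIDING_TTL = 600  # seconds: the 10-minute sliding expiration described above

class MethodSecurityModel:
    """Toy model of the ExecuteMethod decision; not vendor code."""

    def __init__(self, db):
        self.db = db      # method -> {"anonymous": bool, "records": [(user, from, through)]}
        self.cache = {}   # method -> (snapshot of the setup, time of last access)

    def _setup(self, method, now):
        hit = self.cache.get(method)
        if hit is None or now - hit[1] >= SLIDING_TTL:
            cfg = self.db[method]  # expired or never loaded: read the database
            snap = {"anonymous": cfg["anonymous"], "records": list(cfg["records"])}
        else:
            snap = hit[0]
        self.cache[method] = (snap, now)  # every access restarts the 10 minutes
        return snap

    def authorize(self, method, user, authenticated, today, now):
        if not authenticated:
            return False  # Authenticate is required even with anonymous access
        setup = self._setup(method, now)
        if setup["anonymous"]:
            return True   # Web Method Security records are not consulted
        return any(
            name == user  # assumption: exact, case-sensitive match
            and (start is None or start <= today)      # empty date = indefinite
            and (through is None or today <= through)  # assumption: inclusive
            for name, start, through in setup["records"])

def revocation_demo():
    """Remove a user's record while the method is polled every 5 minutes."""
    db = {"GetEventList": {"anonymous": False,
                           "records": [("AVxWebUser", None, None)]}}
    model, today = MethodSecurityModel(db), date(2024, 1, 15)
    call = lambda t: model.authorize("GetEventList", "AVxWebUser", True, today, t)
    seen = [call(0)]
    db["GetEventList"]["records"].clear()      # administrator revokes access
    seen += [call(t) for t in (300, 600, 900)]  # still served from the cache
    seen.append(call(900 + SLIDING_TTL))        # 10 idle minutes: reloaded
    return seen
```

In this model a removed record stops working only after the web method has gone 10 minutes without being called, so a frequently polled method keeps its old permissions; setting a through date in advance avoids relying on the cache expiring.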