webService访问加密-Soapheader

发布时间：2020-12-16 22:30:24 所属栏目：安全来源：网络整理

导读：WebService head 加密，可以对 ?WebService 设置访问用户名和密码，增强 ?WebService 的安全性 ? 使 ?WebService 只能被授权用户使用。 ? 具体实现步骤： ? 1、? 定义一个 ?soapheader 派生类用来实现 ?WebService 访问权限验证 [csharp] ? view plain copy

WebService head加密，可以对?WebService设置访问用户名和密码，增强?WebService的安全性?使?WebService只能被授权用户使用。?

具体实现步骤：?

1、?定义一个?soapheader派生类用来实现?WebService访问权限验证

[csharp]? 
   view plain 
   copy 
    
   
 <span?style="font-size:10px;">using?System;??
 using?System.Data;??
 using?System.Configuration;??
using?System.Web;??
using?System.Web.Security;??
using?System.Web.UI;??
using?System.Web.UI.HtmlControls;??
using?System.Web.UI.WebControls;??
using?System.Web.UI.WebControls.WebParts;??
 ??
 ///?<summary>??
 ///MySoapHeader?的摘要说明??
///?</summary>??
public?class?MySoapHeader:System?.Web?.Services?.Protocols?.SoapHeader???
 {??
 ????private?string?_uname?=?string.Empty;//webservice访问用户名??
 ??
string?Uname??
 ????{??
 ????????get?{?return?_uname;?}??
 ????????set?{?_uname?=?value;?}??
 ????}??
 ????string?_password?=?//webservice访问密码??
string?Password??
 ????{??
return?_password;?}??
set?{?_password?=?value;?}??
 ????}??
public?MySoapHeader()??
 ?????//??
 ?????//TODO:?在此处添加构造函数逻辑??
public?MySoapHeader(string?uname,?string?upass)??
 ????????init(uname,?upass);??
void?init(this._password?=?upass;??
this._uname?=?uname;??
 ????//验证用户是否有权访问内部接口??
bool?isValid(string?upass,153); font-weight:bold; background-color:inherit">out?string?msg)??
 ????????msg?=?"";??
if?(uname?==?"admin"?&&?upass?=="admin")??
 ????????{??
 ????????????return?true;??
 ????????}??
else?{??
 ????????????msg?=?"对不起！您无权调用此WebService！";??
false;??
 ????//验证用户是否有权访问外部接口??
string?msg)??
return?isValid(_uname,?_password,out?msg);??
 }??
 </span>??

2、?定义有需要验证的?WebService。?

copy 
    
   

?System.Collections;??

using?System.Linq;??
using?System.Web.Services;??
using?System.Web.Services.Protocols;??
using?System.Xml.Linq;??
///test?的摘要说明??
[WebService(Namespace?=?"http://tempuri.org/")]??
[WebServiceBinding(ConformsTo?=?WsiProfiles.BasicProfile1_1)]??
//若要允许使用?ASP.NET?AJAX?从脚本中调用此?Web?服务，请取消对下行的注释。???
//?[System.Web.Script.Services.ScriptService]??
class?test?:?System.Web.Services.WebService?{??
public?test?()?{??
????????//如果使用设计的组件，请取消注释以下行???
????????//InitializeComponent();???
public?MySoapHeader?myheader?=?new?MySoapHeader();??
????[WebMethod]??
string?HelloWorld()?{//普通WebService，无需验证??
return?"Hello?World";??
????[SoapHeader("myheader")]//加入此头部的WebService需要验证，不加则为普通WebService无需验证??
????[WebMethod(Description?=?"根据产品编号查询产品的价格",?EnableSession?=?true)]??
string?GetProductPrice2(string?ProductId)??
string?msg?=?"";??
//验证是否有权访问??
if?(!myheader.isValid(out??msg))??
????????????return?-1;//返回错误信息??
return?ProductId;??
?}????????????
???</span>??

3、?客户端调用方法?

引用?WebService定义?WebService名称为?:Myservice

copy 
    
   

?System.Configuration;??

using?System.Data;??
public?partial?class?_Default?:?System.Web.UI.Page???
protected?void?Page_Load(object?sender,?EventArgs?e)??
????????myservice.test?te?=?new?abc.test();??
????????myservice.MySoapHeader?myhead?=? ????????myhead.Uname?=?"admin";//输入WebService访问用户名??
????????myhead.Password?=?"admin";//输入WebService访问密码??
????????te.MySoapHeaderValue?=?myhead;string?test?=?te.GetProductPrice2("ok!");??
??????Response.Write(aa);//用户名、密码输入正确则输出ok?否则输出?错误msg??
}?</span>??

也推荐另外一个cookie的方式http://blog.csdn.net/dz45693/article/details/6151170

转载：http://www.voidcn.com/article/p-bftoczfm-vv.html

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!