自定义身份验证Soap头 进行加密解密
发布时间:2020-12-16 22:36:26 所属栏目:安全 来源:网络整理
导读:自定义身份验证Soap头 进行加密解密 ??? 在上篇文章中我们了解了使用自定义SOAP头进行身份验证,使webService服务的身份验证变得灵活,简便。 但是是以明文的方式在网上传输,不能保在传输的过程中被别人截
自定义身份验证Soap头 进行加密解密
??? 在上篇文章中我们了解了使用自定义SOAP头进行身份验证,使webService服务的身份验证变得灵活,简便。
但是是以明文的方式在网上传输,不能保在传输的过程中被别人截取。所以,为了保证安全性我们必须对,Soap头进行加密,密文的方式传输。 ? ? 废话就不多说了,下面我们 看看下面的简单的例子: ? 首先我们在客户端进行对数据的加密:这里我们使用的是64位DES加密算法。 ?? ? 设置密钥(Key)和初始值(IV)可放在配置文件中: ?
<
appSettings
>
???? add? key ="Key" ?value ="fdautoit" /> ="IV" ="FDAUTOIT" ?? </ > *注:上面的值只有8个字节(64位) 在.cs文件中获取“Key”和“IV” string
?Key,?Iv;
????????????Key? = ?ConfigurationManager.AppSettings[ " Key ]; ????????????Iv? IV ]; 定义一个加密方法: private
?
?Encrypt(
?p_strEncrypt) 在这个方法返回的是一个加密后的数据。
????????{ ???????????? // Set?the?Key?and?the?InitialVector?for?Encrypt ???????????? byte []?key? ?Encoding.UTF8.GetBytes(Key); ???????????? []?iv? ?Encoding.UTF8.GetBytes(Iv); ???????????? Convent?the?string?to?byte[]?of?the?Data []?byteData Encoding.UTF8.GetBytes(p_strEncrypt); ???????????? Set?Memory?space?for?save?the?Data ????????????MemoryStream?memoryData? new ?MemoryStream(); ???????????? ???????????? DES?des?=?new?DESCryptoServiceProvider(); ???????????? RC2?des?=?new?RC2CryptoServiceProvider(); ???????????? Rijndael?des?=?new?RijndaelManaged(); ????????????TripleDES?des? ?TripleDESCryptoServiceProvider(); ????????????des.Key? ?key; ????????????des.IV? ?iv; ????????????des.Mode? ?CipherMode.CBC; ???????????? Create??the?Method?with?the?Key?and?IV? ????????????ICryptoTransform?transform? ?des.CreateEncryptor(); ???????????? Create?the?EnCrypt?stream ????????????CryptoStream?cryptostream? ?CryptoStream(memoryData,?transform,?CryptoStreamMode.Write); ???????????? ???????????? write?into?the?Memory?stream try ????????????{ ????????????????cryptostream.Write(byteData,? 0 ,?byteData.Length); ????????????} ???????????? catch ????????????{ ???????????????? throw ?Exception( Encrypt?Data?wrong?of?the?write?to?stream! ); ????????????} ????????????cryptostream.FlushFinalBlock(); ????????????cryptostream.Close(); ???????????? return?memoryData.ToString(); return ?Convert.ToBase64String(memoryData.ToArray()); ????????} void
?ValidServiceMethod()
????????{ ???????????? Encrypt?the?username?and?password?of?SoapHeader ?m_strName? admin ?m_strPwd? new?a??SoapHeader?and?a?WebService ??????????? MySoapHeader myheader? MySoapHeader? (); ????????????MyService?myservice? ?MyService(); ???????????? myheader .UserName? ?m_strName; ???????????? .PassWord? ?m_strPwd; ???????????? Set?the?SoapHeader?validate?to?Service ????????????myservice.FDSoapHeaderValue? myheader? ; ???????????? Call?Method?of?webservice? ??????????? myservice.GetMoney(); ????????} ? 这样就完成了加密的过程(用户名,密码,数据可以以参数的形式传入) 在服务 器端同样设置配置文件。这于客户端的是一模一样的。 >
同样在代码文件中获取其值
? 编写解密方法: ?Decrypt(
?p_strDecrypt)
????????{ ???????????? ?Set?the?Key?and?the?InitialVector?for?Decrypt Covent?the?string?to?byte[]?with?the?Encrypt?Data ???????????? byte[]?EncrypData?=Encoding.UTF8.GetBytes(p_strDecrypt); []?EncrypData Convert.FromBase64String(p_strDecrypt); ???????????? ?Set?the?Memory?stream?Space?for?save?data ?Create?DES?for?Decrypt ????????????DESCryptoServiceProvider?des? ?DESCryptoServiceProvider(); ????????????des.Key? ?Decrypt?with?the?key?and?InitialVector ?des.CreateDecryptor(); ???????????? Save?to?MemoryStream output?the?data ????????????{ ????????????????cryptostream.Write(EncrypData,?EncrypData.Length); ????????????} ???????????? (Exception?ex) ????????????{ ???????????????? write?to?stream?wrong! + ex.Message); ????????????} ????????????cryptostream.FlushFinalBlock(); ????????????cryptostream.Close(); ???????????? output?data ?Encoding.UTF8.GetString(memoryData.ToArray()); ????????} ? Soap头: public
class
?MySoapHeader?:?SoapHeader
????{ ???????? ?_name; ???????? ?_passWord; ???????? UserName? ????????{ ???????????? get ?{? ?_name;?} ???????????? set ?{?_name? ?value;?} ????????} ???????? ?PassWord ????????{ ???????????? ?_passWord;?} ???????????? ?{?_passWord? ?value;?} ????????} ????} 更改上篇中的方法: bool
?ValiHeader(
out
?ReturnMsg)
????????{ ??? ?? ?? ? MySoapHeader myheader=new MySoapHeader(); ???????????? ?flag? false ; ??????????? string? UserName= Decrypt(myheader.UserName); ??? ?? ?? ? string PassWord=Decrypt(myheader.PassWord); if ?(UserName? == && ?PassWord? ) ????????????{ ????????????????flag? true ; ????????????????ReturnMsg? You?Are?Successfully ; ????????????} ???????????? else ????????????{ ????????????????ReturnMsg? You?Are?Failted ?flag; ????????} [WebMethod]
[SoapHeader("header",Direction = SoapHeaderDirection.In)] public ?CheckHeader() ????????{ ??? ??? ??? string ?ReturnMsg "" ?IsTrue ValiHeader( ??ReturnMsg); ??? ??? ??? return ?ReturnMsg; ????????} 如果方法:“ValiHeader”返回的是true 表示验证成功,如果返回的是false表示用户名和密码有误。 有关SoapHeader验证头密码核心代码就 是这样了。其中省略了很多代码。
转载:http://www.cnblogs.com/seebook/archive/2007/07/12/815948.html
(编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
推荐文章
站长推荐
热点阅读