自定义身份验证Soap头 进行加密解密

??? 在上篇文章中我们了解了使用自定义SOAP头进行身份验证，使webService服务的身份验证变得灵活，简便。
但是是以明文的方式在网上传输，不能保在传输的过程中被别人截取。所以，为了保证安全性我们必须对，Soap头进行加密，密文的方式传输。
?
? 废话就不多说了，下面我们 看看下面的简单的例子：

? 首先我们在客户端进行对数据的加密：这里我们使用的是64位DES加密算法。
??
? 设置密钥（Key）和初始值（IV）可放在配置文件中：
?

< appSettings >
???? add? key ="Key" ?value ="fdautoit" /> ="IV" ="FDAUTOIT"
?? </ >

*注：上面的值只有8个字节（64位）
在.cs文件中获取“Key”和“IV”

string ?Key,?Iv;

????????????Key? = ?ConfigurationManager.AppSettings[ " Key ];
????????????Iv? IV ];

定义一个加密方法：

private ? ?Encrypt( ?p_strEncrypt)
????????{
???????????? // Set?the?Key?and?the?InitialVector?for?Encrypt
???????????? byte []?key? ?Encoding.UTF8.GetBytes(Key);
???????????? []?iv? ?Encoding.UTF8.GetBytes(Iv);
???????????? Convent?the?string?to?byte[]?of?the?Data []?byteData Encoding.UTF8.GetBytes(p_strEncrypt);
???????????? Set?Memory?space?for?save?the?Data ????????????MemoryStream?memoryData? new ?MemoryStream();
????????????
???????????? DES?des?=?new?DESCryptoServiceProvider();
???????????? RC2?des?=?new?RC2CryptoServiceProvider();
???????????? Rijndael?des?=?new?RijndaelManaged(); ????????????TripleDES?des? ?TripleDESCryptoServiceProvider();
????????????des.Key? ?key;
????????????des.IV? ?iv;
????????????des.Mode? ?CipherMode.CBC;
???????????? Create??the?Method?with?the?Key?and?IV? ????????????ICryptoTransform?transform? ?des.CreateEncryptor();
???????????? Create?the?EnCrypt?stream ????????????CryptoStream?cryptostream? ?CryptoStream(memoryData,?transform,?CryptoStreamMode.Write);
????????????
???????????? write?into?the?Memory?stream try
????????????{
????????????????cryptostream.Write(byteData,? 0 ,?byteData.Length);
????????????}
???????????? catch
????????????{
???????????????? throw ?Exception( Encrypt?Data?wrong?of?the?write?to?stream! );
????????????}
????????????cryptostream.FlushFinalBlock();
????????????cryptostream.Close();
???????????? return?memoryData.ToString(); return ?Convert.ToBase64String(memoryData.ToArray());
????????}

在这个方法返回的是一个加密后的数据。

void ?ValidServiceMethod()
????????{
???????????? Encrypt?the?username?and?password?of?SoapHeader ?m_strName? admin ?m_strPwd? new?a??SoapHeader?and?a?WebService ??????????? MySoapHeader myheader? MySoapHeader? ();
????????????MyService?myservice? ?MyService();
???????????? myheader .UserName? ?m_strName;
???????????? .PassWord? ?m_strPwd;
???????????? Set?the?SoapHeader?validate?to?Service ????????????myservice.FDSoapHeaderValue? myheader? ;
???????????? Call?Method?of?webservice? ??????????? myservice.GetMoney();
????????}

? 这样就完成了加密的过程（用户名，密码，数据可以以参数的形式传入）
在服务 器端同样设置配置文件。这于客户端的是一模一样的。

>

同样在代码文件中获取其值
? 编写解密方法：

?Decrypt( ?p_strDecrypt)
????????{
???????????? ?Set?the?Key?and?the?InitialVector?for?Decrypt Covent?the?string?to?byte[]?with?the?Encrypt?Data
???????????? byte[]?EncrypData?=Encoding.UTF8.GetBytes(p_strDecrypt); []?EncrypData Convert.FromBase64String(p_strDecrypt);
???????????? ?Set?the?Memory?stream?Space?for?save?data ?Create?DES?for?Decrypt ????????????DESCryptoServiceProvider?des? ?DESCryptoServiceProvider();
????????????des.Key? ?Decrypt?with?the?key?and?InitialVector ?des.CreateDecryptor();
???????????? Save?to?MemoryStream output?the?data
????????????{
????????????????cryptostream.Write(EncrypData,?EncrypData.Length);
????????????}
???????????? (Exception?ex)
????????????{
???????????????? write?to?stream?wrong! + ex.Message);
????????????}
????????????cryptostream.FlushFinalBlock();
????????????cryptostream.Close();
???????????? output?data ?Encoding.UTF8.GetString(memoryData.ToArray());
????????}
?

Soap头:

public class ?MySoapHeader?:?SoapHeader
????{
???????? ?_name;
???????? ?_passWord;

???????? UserName?
????????{
???????????? get ?{? ?_name;?}
???????????? set ?{?_name? ?value;?}
????????}
???????? ?PassWord
????????{
???????????? ?_passWord;?}
???????????? ?{?_passWord? ?value;?}
????????}
????}

更改上篇中的方法：

bool ?ValiHeader( out ?ReturnMsg)
????????{
??? ?? ?? ? MySoapHeader myheader=new MySoapHeader();
???????????? ?flag? false ;
??????????? string? UserName= Decrypt(myheader.UserName);
??? ?? ?? ? string PassWord=Decrypt(myheader.PassWord);
if ?(UserName? == && ?PassWord? )
????????????{
????????????????flag? true ;
????????????????ReturnMsg? You?Are?Successfully ;
????????????}
???????????? else
????????????{
????????????????ReturnMsg? You?Are?Failted ?flag;
????????}

[WebMethod]
[SoapHeader("header",Direction = SoapHeaderDirection.In)]
public ?CheckHeader()
????????{
??? ??? ??? string ?ReturnMsg "" ?IsTrue ValiHeader( ??ReturnMsg);
??? ??? ??? return ?ReturnMsg;
????????}

如果方法：“ValiHeader”返回的是true 表示验证成功，如果返回的是false表示用户名和密码有误。


有关SoapHeader验证头密码核心代码就 是这样了。其中省略了很多代码。