加入收藏 | 设为首页 | 会员中心 | 我要投稿 李大同 (https://www.lidatong.com.cn/)- 科技、建站、经验、云计算、5G、大数据,站长网!
当前位置: 首页 > 综合聚焦 > 服务器 > 安全 > 正文

在SOAP Header中携带认证ID的WebService实例

发布时间:2020-12-17 01:28:20 所属栏目:安全 来源:网络整理
导读:通过在SOAP Header中携带认证ID,可避免调用WebService时对HTTP Cookie的依赖,实现自定义的认证和Session管理。具体实现方法如下: 自定义SOAP Header public ? class ?SessionHeader?:?SoapHeader { ???? public ? string ?SessionId; } 扩展属性的定义 ??

通过在SOAP Header中携带认证ID,可避免调用WebService时对HTTP Cookie的依赖,实现自定义的认证和Session管理。具体实现方法如下:

  • 自定义SOAP Header

public ? class ?SessionHeader?:?SoapHeader

 {

????public?string?SessionId;

}
  • 扩展属性的定义

????[AttributeUsage(AttributeTargets.Method)]

???? public ? class ?SessionExtensionAttribute?:?SoapExtensionAttribute

???? {

????????int?_priority?=?1;


????????public?override?int?Priority

????????{

????????????get?{?return?_priority;?}

????????????set?


????????}


????????public?override?Type?ExtensionType

????????{

????????????get?{?return?typeof(SessionExtension);?}

????????}

????}
  • ?SOAP Header的处理

???? public ? class ?SessionExtension?:?SoapExtension

???? {

????????public?override?void?ProcessMessage(SoapMessage?message)

????????{

????????????if?(message.Stage?==?SoapMessageStage.AfterDeserialize)

????????????{

????????????????//Check?for?an?SessionHeader?containing?valid?credentials

????????????????foreach?(SoapHeader?header?in?message.Headers)

????????????????{

????????????????????if?(header?is?SessionHeader)

????????????????????{

????????????????????????SessionHeader?credentials?=?(SessionHeader)header;

????????????????????????//?Check?SessionId


????????????????????????break;

????????????????????}

????????????????}


????????????????//?Fail?the?call?if?we?get?to?here.?Either?the?header

????????????????//?isn't?there?or?it?contains?invalid?credentials.

????????????????throw?new?SoapException("Invalid?SessionId",

????????????????????SoapException.ClientFaultCode);

????????????}

????????}


????????public?override?Object?GetInitializer(Type?type)

????????{

????????????return?GetType();

????????}


????????public?override?Object?GetInitializer(LogicalMethodInfo?info,

????????????SoapExtensionAttribute?attribute)

????????{

????????????return?null;

????????}


????????public?override?void?Initialize(Object?initializer)

????????{

????????}

????}

?

  • ?在WebService的WebMethod方法中添加属性

[WebService(Namespace? = ? " http://tempuri.org/ " )]

[WebServiceBinding(ConformsTo? = ?WsiProfiles.BasicProfile1_1)]

 public ? class ?EDocService?:?System.Web.Services.WebService? {

????public?SessionHeader?Credentials;


????[SessionExtension]

????[SoapHeader("Credentials")]

????[WebMethod]

????public?void?Method1()

????{

????????string?sid?=?credentials.sessionid;

????}

}


当调用Method1时,如果SOAP Header中没有合法的SessionID,则调用方会收到HTTP 500错误,无法执行Method1的代码。

(编辑:李大同)

【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
    相关内容
      推荐文章
        站长推荐
        热点阅读

          【免责声明】本站内容转载自互联网,其发布内容言论不代表本站观点,如果其链接、内容的侵犯您的权益,烦请提交相关链接至邮箱bqsm@foxmail.com我们将及时予以处理。

          建议您使用1920×1080分辨率、谷歌浏览器Google Chrome、Microsoft Edge以获得本站的最佳浏览效果

          Copygight © 2008-2022 https://www.lidatong.com.cn/ All Rights Reserved. 李大同