加入收藏 | 设为首页 | 会员中心 | 我要投稿 李大同 (https://www.lidatong.com.cn/)- 科技、建站、经验、云计算、5G、大数据,站长网!
当前位置: 首页 > 综合聚焦 > 服务器 > 安全 > 正文

WebService安全处理办法之一

发布时间:2020-12-17 02:40:00 所属栏目:安全 来源:网络整理
导读:?平常我经常使用动态随机数加密验证的办法,可以验证客户端的合法性,不过这种方法也蛮不错的。 ? using ?System; using ?System.Collections; using ?System.ComponentModel; using ?System.Data; using ?System.Linq; using ?System.Web; using ?System.We

?平常我经常使用动态随机数加密验证的办法,可以验证客户端的合法性,不过这种方法也蛮不错的。

?

  1. using?System;
  2. using?System.Collections;
  3. using?System.ComponentModel;
  4. using?System.Data;
  5. using?System.Linq;
  6. using?System.Web;
  7. using?System.Web.Services;
  8. using?System.Web.Services.Protocols;
  9. using?System.Xml.Linq;
  11. namespace?TallyInfo.TIWebService
  12. {
  13. ????///?<summary>
  14. ????///?ClientAuthenticate?的摘要说明
  15. ????///?</summary>
  16. ????[WebService(Namespace?=?"http://tempuri.org/")]
  17. ????[WebServiceBinding(ConformsTo?=?WsiProfiles.BasicProfile1_1)]
  18. ????[ToolboxItem(false)]
  19. ????//?若要允许使用?ASP.NET?AJAX?从脚本中调用此?Web?服务,请取消对下行的注释。
  20. ????//?[System.Web.Script.Services.ScriptService]
  21. ????public?class?ClientAuthenticate?:?System.Web.Services.WebService
  22. ????{
  24. ????????#region?客户端身份认证
  26. ????????#region?GetTicket
  28. ????????[WebMethod]?//(Description?=?"票据产生方法,客户端在调用其它方法之前必须先调用该方法认证其身份,验证成功的结果就是返回一个票据")
  29. ????????public?string?GetTicket(string?identity,?string?password)
  30. ????????{
  31. ????????????//Authenticate?the?client
  32. ????????????if?(!Authenticate(identity,?password))
  33. ????????????{
  34. ????????????????throw?new?Exception("Invalid?identity/Password");
  35. ????????????}
  36. ????????????Guid?gTicket?=?Guid.NewGuid();
  37. ????????????this.Context.Cache.Insert(gTicket.ToString(),?true);
  38. ????????????return?gTicket.ToString();
  39. ????????}
  40. ????????#endregion?GetTicket
  42. ????????#region?Authenticate
  44. ????????///?<summary>
  45. ????????///?验证票据
  46. ????????///?</summary>
  47. ????????///?<param?name="ticket"></param>
  48. ????????///?<returns></returns>
  49. ????????private?bool?Authenticate(string?ticket)
  50. ????????{
  51. ????????????try
  52. ????????????{
  53. ????????????????bool?bRet?=?false;
  55. ????????????????if?((bool)Context.Cache.Get(ticket))
  56. ????????????????{
  57. ????????????????????bRet?=?true;
  58. ????????????????}
  60. ????????????????return?bRet;
  61. ????????????}
  62. ????????????catch?(NullReferenceException?NullEx)
  63. ????????????{
  64. ????????????????throw?NullEx;
  65. ????????????}
  66. ????????????catch?(Exception?Ex)
  67. ????????????{
  68. ????????????????throw?Ex;
  69. ????????????}
  70. ????????}
  71. ????????#endregion?Authenticate
  73. ????????#region?Authenticate
  75. ????????///?<summary>
  76. ????????///?获取票据之前到数据库验证客户身份
  77. ????????///?</summary>
  78. ????????///?<param?name="identity"></param>
  79. ????????///?<param?name="password"></param>
  80. ????????///?<returns></returns>
  81. ????????private?bool?Authenticate(string?identity,?string?password)
  82. ????????{
  83. ????????????bool?retAuth?=?false;
  84. ????????????string?SQLString?=?"SELECT?*?FROM?DataProviders?WHERE?标识码?=?'"?+?identity?+?"'?AND?口令?=?'"?+?password?+?"'";
  85. ????????????//DataSet?ds?=?DbHelperSQL.Search(SQLString);
  86. ????????????//if?(ds.Tables[0].Rows.Count?==?1)
  87. ????????????retAuth?=?true;
  88. ????????????return?retAuth;
  89. ????????}
  90. ????????
  91. ????????#endregion?Authenticate
  93. ????????#endregion?客户端身份认证
  95. ????????#region?SearchWithSQL???执行例程
  97. ????????[WebMethod]
  98. ????????public?DataSet?SearchWithSQL(string?SQLString,?string?ticket)
  99. ????????{
  100. ????????????//在执行方法体响应之前验证票据有效性
  101. ????????????if?(!Authenticate(ticket))
  102. ????????????{
  103. ????????????????throw?new?Exception("Invalid?Ticket");
  104. ????????????}
  106. ????????????return?null;
  108. ????????????//return?DbHelperSQL.Search(SQLString);
  109. ????????}
  110. ????????#endregion?SearchWithSQL????执行例程
  112. ????}
  113. }

(编辑:李大同)

【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
    相关内容
      推荐文章
        站长推荐
        热点阅读

          【免责声明】本站内容转载自互联网,其发布内容言论不代表本站观点,如果其链接、内容的侵犯您的权益,烦请提交相关链接至邮箱bqsm@foxmail.com我们将及时予以处理。

          建议您使用1920×1080分辨率、谷歌浏览器Google Chrome、Microsoft Edge以获得本站的最佳浏览效果

          Copygight © 2008-2022 https://www.lidatong.com.cn/ All Rights Reserved. 李大同