Two Ways to Authenticate Users in a WebService
Published: 2020-12-17 02:56:40 Category: Security Source: compiled from the web
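1. Passing and verifying the user with a SoapHeader

Web Service side code:

1.1 First create a CredentialSoapHeader class that inherits from System.Web.Services.Protocols.SoapHeader:

    using System.Web.Services.Protocols;

    public class CredentialSoapHeader : SoapHeader
    {
        private string _userName;
        private string _userPassword;

        public string UserName
        {
            get { return _userName; }
            set { _userName = value; }
        }

        public string UserPassword
        {
            get { return _userPassword; }
            set { _userPassword = value; }
        }
    }

1.2 Create the publicly exposed Web Service method

    using System.EnterpriseServices;          // TransactionOption
    using System.Web.Services;
    using System.Web.Services.Protocols;

    public class MyService : System.Web.Services.WebService
    {
        private CredentialSoapHeader m_credentials;

        // Member that [SoapHeader] binds the incoming header to.
        public CredentialSoapHeader Credentails
        {
            get { return m_credentials; }
            set { m_credentials = value; }
        }

        // Publicly exposed service method
        [WebMethod(BufferResponse = true, Description = "欢迎方法", CacheDuration = 0, EnableSession = false,
            MessageName = "HelloFriend", TransactionOption = TransactionOption.Required)]
        [SoapHeader("Credentails")]
        public string Welcome(string userName)
        {
            this.VerifyCredential(this);
            return "Welcome " + userName;
        }

        // Check whether the caller is legitimate
        private void VerifyCredential(MyService s)
        {
            if (s.Credentails == null || s.Credentails.UserName == null || s.Credentails.UserPassword == null)
            {
                throw new SoapException("验证失败", SoapException.ClientFaultCode, "Security");
            }
            // Further custom user verification can be done here; as written,
            // only the presence of the header fields is checked.
        }
    }

Create a client that uses MyService (a WinForm is used as the example here). First add a reference to MyService.

    using System.Net;
    using System.Windows.Forms;

    public class ClientForm : System.Windows.Forms.Form
    {
        public ClientForm()
        {
            MyService s = new MyService();
            this.InitWebServiceProxy(s);
            string temp = s.Welcome("test");
            MessageBox.Show(temp);
        }

        private void InitWebServiceProxy(MyService s)
        {
            // The generated proxy exposes the header as <HeaderType>Value.
            CredentialSoapHeader soapHeader = new CredentialSoapHeader();
            soapHeader.UserName = "test";
            soapHeader.UserPassword = "test";
            s.CredentialSoapHeaderValue = soapHeader;

            string urlSettings = null; // This can be read from a configuration file
            if (urlSettings != null)
            {
                s.Url = urlSettings;
            }
            // Proxy.Credentials is of type ICredentials, so no cast is needed.
            s.Credentials = CredentialCache.DefaultCredentials;
        }
    }

2. Using an authorization ticket (AuthorizationTicket)

    using System;
    using System.Web.Security;
    using System.Web.Services;
    using System.Web.Services.Protocols;

    // The members below belong inside a class derived from System.Web.Services.WebService.

    // Ticket lifetime in minutes (value assumed; the original did not define it).
    private const int timeout = 20;

    [WebMethod()]
    public string GetAuthorizationTicket(string userName, string password)
    {
        // Custom verification can be done here, for example checking the user against a database
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(userName, false, timeout);
        string encryptedTicket = FormsAuthentication.Encrypt(ticket);
        Context.Cache.Insert(encryptedTicket, userName, null, DateTime.Now.AddMinutes(timeout), TimeSpan.Zero);
        return encryptedTicket;
    }

    private bool IsTicketValid(string ticket, bool IsAdminCall)
    {
        if (ticket == null || Context.Cache[ticket] == null)
        {
            // not authenticated
            return false;
        }
        else
        {
            // Do further verification here, for example checking the user against a database
            return true;
        }
    }

    [WebMethod()]
    public Book GetBookByBookId(string ticket, int bookId)
    {
        // The caller passes the ticket returned by GetAuthorizationTicket.
        if (!IsTicketValid(ticket, false))
        {
            throw new SoapException("验证失败", SoapException.ClientFaultCode, "Security");
        }
        // Only after validation passes may the specific operation be performed
        // (the lookup itself is not shown in the original).
        return null;
    }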
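
The "further verification" left open in IsTicketValid above can include decrypting the ticket and checking its expiry and owner. The following is an added example, not code from the original article: the class name TicketCheckedService and the methods GetTicketUser, WhoAmI and Logout are hypothetical, and it assumes tickets were issued and cached the way GetAuthorizationTicket does.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;
using System.Web.Services;
using System.Web.Services.Protocols;

public class TicketCheckedService : WebService   // hypothetical class name
{
    // Fail closed: every path that cannot prove the ticket is good returns null.
    private string GetTicketUser(string encryptedTicket)
    {
        if (string.IsNullOrEmpty(encryptedTicket)) return null;

        // 1. The ticket must still be in the server-side cache (issued here, not revoked).
        string cachedUser = Context.Cache[encryptedTicket] as string;
        if (cachedUser == null) return null;

        // 2. It must decrypt and pass the integrity check with this server's machine key.
        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(encryptedTicket); }
        catch (ArgumentException) { return null; }
        catch (HttpException) { return null; }
        catch (CryptographicException) { return null; }

        // 3. It must be unexpired and name the same user the cache entry was stored for.
        if (ticket == null || ticket.Expired) return null;
        if (!string.Equals(ticket.Name, cachedUser, StringComparison.Ordinal)) return null;
        return ticket.Name;
    }

    [WebMethod]
    public string WhoAmI(string ticket)   // hypothetical method for illustration
    {
        string user = GetTicketUser(ticket);
        if (user == null)
            throw new SoapException("Invalid or expired ticket",
                                    SoapException.ClientFaultCode, "Security");
        return user;
    }

    [WebMethod]
    public void Logout(string ticket)     // hypothetical method for illustration
    {
        // Revoke: removing the cache entry invalidates the ticket before its expiry time.
        if (!string.IsNullOrEmpty(ticket)) Context.Cache.Remove(ticket);
    }
}
```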
(Editor: 李大同)