1,使用SoapHeader传递和验证用户
?Web Service端的代码:
?1.1先创建一个继承自System.Web.Services.Protocols.SoapHeader
??? CredentialSoapHeader类:
?? public class CredentialSoapHeader : SoapHeader
?? {
?private string _userName ;
?private string _userPassword ;
?public string UserName
?{
??get { return _userName ; }
??set { _userName = value ; }
?}
?public string UserPassword
?{
??get { return _userPassword ; }
??set { _userPassword = value ; }
?}
?? }
? 1.2创建对外发布的Web Service方法
? public class MyService :? System.Web.Services.WebService
? {
?private CredentialSoapHeader m_credentials ;
?public CredentialSoapHeader Credentails
?{
??get { return m_credentials ; }
??set { m_credentials = value ; }
?}
???????
??????? //对外发布的服务
??????? [WebMethod(BufferResponse = true,Description = "欢迎方法",CacheDuration = 0,EnableSession=false,
???MessageName = "HelloFriend",TransactionOption = TransactionOption.Required)]
?[SoapHeader("Credentails")]
?public string Welcome(string userName)
?{
??this.VerifyCredential(this) ;
??return "Welcome " + userName ;
?}
??????? //验证是否合法
??????? private void VerifyCredential(MyService s)
?{
??if ( s.Credentails == null || s.Credentails.UserName == null || s.Credentails.UserPassword == null )
??{
???throw new SoapException("验证失败",SoapException.ClientFaultCode,"Security") ;
??}
??????????????? //在这里可以进一步进行自定义的用户验证
?}
? }
? 创建使用MyService的客户端(本处使用WinForm来做实例)
? 先把MyService的引用添加进来
? public class ClientForm : System.Windows.Forms.Form
? {
?public ClientForm()
?{
??MyService s = new MyService() ;
??this.InitWebServiceProxy(s) ;
??string temp = s.Welcome("test") ;
??
??MessageBox.Show(temp) ;
?}
?private void InitWebServiceProxy(MyService s)
?{
??CredentialSoapHeader soapHeader = new CredentialSoapHeader() ;
??soapHeader.UserName = "test" ;
??soapHeader.UserPassword = "test" ;
??s.CredentialSoapHeaderValue = soapHeader ;
??string urlSettings = null ; //这里可以从配置文件中获取
??if (urlSettings != null )
??{
???s.Url = urlSettings ;
??}
??s.Credentials = (System.Net.NetworkCredential)CredentialCache.DefaultCredentials? ;
?}
? }
?
?
2,使用验证票(AuthorizationTicket)
using System.Web.Security ;
[WebMethod()]
public string GetAuthorizationTicket(string userName,string password)
{
???? //这里可以做一些自定义的验证动作,比如在数据库里验证用户的合法性等
???? FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(userName,false,timeOut) ;
???? string encryptedTicket = FormsAuthentication.Encrypt(ticket) ;
???? Context.Cache.Insert(encryptedTicket,userName,null,DateTime.Now.AddMinutes(timeout),TimeSpan.Zero) ;
???? return encryptedTicket ;
}
private bool IsTicketValid(string ticket,bool IsAdminCall)
{
??? if (ticket == null || Context.Cache[ticket] == null)
??? {
? // not authenticated
? return false;
??? }
??? else
??? {
???????? //这里再做一些验证,比如在数据库里验证用户的合法性等
??? }
}
[WebMethod()] public Book GetBookByBookId(int bookId) { ??? if (IsTicketValid) ??? { ??????? //验证通过才可以执行特定操作了 ??? } }
