WebServices Header 验证
本文仅提供通过设置SoapHeader来控制非法用户对WebService的调用,如果是WebService建议使用WSE3.0来保护Web服务,如果使用的是Viaual Studio 2008可以使用WCF,WCF里面提供了更多的服务认证方法。以下提供一种基于SoapHeader的自定义验证方式。
1.首先要自定义SoapHeader,须继承System.Web.Services.Protocols.SoapHeader 。
为了能使在单独浏览ASMX能工作正常,务必要将header中的字段初始化. 如:private string _strName=String.Empty;
1.首先要自定义SoapHeader,须继承System.Web.Services.Protocols.SoapHeader 。
为了能使在单独浏览ASMX能工作正常,务必要将header中的字段初始化. 如:private string _strName=String.Empty;
using System;
using System.Data;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
/// <summary>
/// Summary description for MySoapHeader
/// </summary>
public class MySoapHeader : System.Web.Services.Protocols.SoapHeader
{
public MySoapHeader()
{
//
// TODO: Add constructor logic here
//
}
private string _strName = string.Empty;
private string _strPwd = string.Empty;
public string strName
{
get { return _strName; }
set { _strName = value; }
}
public string strPwd
{
get { return _strPwd; }
set { _strPwd = value; }
}
}
2.添加WebService,并编写相应代码。using System.Data;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
/// <summary>
/// Summary description for MySoapHeader
/// </summary>
public class MySoapHeader : System.Web.Services.Protocols.SoapHeader
{
public MySoapHeader()
{
//
// TODO: Add constructor logic here
//
}
private string _strName = string.Empty;
private string _strPwd = string.Empty;
public string strName
{
get { return _strName; }
set { _strName = value; }
}
public string strPwd
{
get { return _strPwd; }
set { _strPwd = value; }
}
}
using System;
using System.Collections;
using System.Linq;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
using System.Xml.Linq;
/// <summary>
/// Summary description for LoginServices
/// </summary>
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
// To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line.
// [System.Web.Script.Services.ScriptService]
public class LoginServices : System.Web.Services.WebService
{
//声明Soap头实例
public MySoapHeader myHeader = new MySoapHeader();
[System.Web.Services.Protocols.SoapHeader("myHeader")]
[WebMethod]
public string HelloWord()
{
//可以通过存储在数据库中的用户与密码来验证
if (myHeader.strName.Equals("houlei") & myHeader.strPwd.Equals("houlei"))
{
return "调用服务成功!";
}
else
{
return "对不起,您没有权限调用此服务!";
}
}
}
using System.Collections;
using System.Linq;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
using System.Xml.Linq;
/// <summary>
/// Summary description for LoginServices
/// </summary>
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
// To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line.
// [System.Web.Script.Services.ScriptService]
public class LoginServices : System.Web.Services.WebService
{
//声明Soap头实例
public MySoapHeader myHeader = new MySoapHeader();
[System.Web.Services.Protocols.SoapHeader("myHeader")]
[WebMethod]
public string HelloWord()
{
//可以通过存储在数据库中的用户与密码来验证
if (myHeader.strName.Equals("houlei") & myHeader.strPwd.Equals("houlei"))
{
return "调用服务成功!";
}
else
{
return "对不起,您没有权限调用此服务!";
}
}
}
