导航

IssueVision 之WebService安全篇

Posted on 2007-08-06 21:21  hcfalan  阅读(367)  评论(0编辑  收藏  举报
一、Web Service端的设计

先从SoapHeader继承一个自定义类CredentialSoapHeader,该类包含用户名和密码:
public class CredentialSoapHeader : SoapHeader
{
    
public string Username
    
{
        
get  }
        
set  }
    }


    
public string Password
    
{
        
get  }
        
set  }
    }

}

在WebService类里面创建一个属性Credentials,类型为CredentialSoapHeader:
public class IssueVisionServices : WebService
{
    
// custom SOAP header to pass credentials
    public CredentialSoapHeader Credentials
    
{
        
get  }
        
set  }
    }

    
}

在WebMethod的方法上使用SoapHeader标识,成员名称为"Credentials":
[WebMethod(Description="Returns the lookup tables for IssueVision.")]
[SoapHeader(
"Credentials")]
public IVDataSet GetLookupTables()
{
    SecurityHelper.VerifyCredentials(
this);
    
return new IVData().GetLookupTables();
}

public class SecurityHelper 
{
    
// verifies the clients credentials
    public static void VerifyCredentials(IssueVisionServices service) 
    {
        String userName 
= service.Credentials.Username;
        String password 
= service.Credentials.Password;
        
// 按照userName 和 password 进行授权验证
        
    }
}

二、客户端对Web Service的调用

private static IssueVisionServices GetWebServiceReference()
{
    
return GetWebServiceReference(UserSettings.Instance.Username, UserSettings.Instance.Password);
}


private static IssueVisionServices GetWebServiceReference(string username, string password)
{
    IssueVisionServices dataService 
= new IssueVisionServices();
        
    
//<ReplaceWithWse>
    CredentialSoapHeader header = new CredentialSoapHeader();
    header.Username 
= username;
    header.Password 
= password;
    dataService.CredentialSoapHeaderValue 
= header;
    
//</ReplaceWithWse>
            
    InitWebServiceProxy(dataService);
            
    
return dataService;
}