WebService调用权限验证 SoapHeader
一般在项目中,制作的都是基于SOAP协议的webservices,其描述语言是WSDL。但是有时候在项目中,需要保证webservices的安全,需要对其进行进行验证,那么我们就要实现SoapHeader,具体的实现方式如下:
首先就是自定义一个类,继承自System.Web.Services.Protocols.SoapHeader ,然后在这个类中,通过暴露的公共属性和方法来进行校验。
其次就是在webservices主体方法中,添加对SoapHeader的验证的支持
最后直接在用户页面进行验证,调用方法即可。
首先,定义一个sSoapHeader类,暴露出其提供的公共验证字段,并提供验证方法:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
namespace webServiceDemo
{
public class sSoapHeader:System.Web.Services.Protocols.SoapHeader
{
private string _UserId = string.Empty;
private string _UserPwd = string.Empty;
public sSoapHeader() { }
public string UserId
{
get
{
return _UserId;
}
set
{
_UserId = value;
}
}
public string UserPwd
{
get
{
return _UserPwd;
}
set
{
_UserPwd = value;
}
}
public void Initial(string username, string password)
{
UserId = username;
UserPwd = password;
}
public bool IsValid(string uid, string pwd, out string msg)
{
msg = "";
if (uid == "admin" && pwd == "admin888")
{
return true;
}
else
{
msg = "对不起,你无法调用";
return false;
}
}
public bool IsValid(out string msg)
{
return IsValid(_UserId, _UserPwd, out msg);
}
}
}
using System.Collections.Generic;
using System.Linq;
using System.Web;
namespace webServiceDemo
{
public class sSoapHeader:System.Web.Services.Protocols.SoapHeader
{
private string _UserId = string.Empty;
private string _UserPwd = string.Empty;
public sSoapHeader() { }
public string UserId
{
get
{
return _UserId;
}
set
{
_UserId = value;
}
}
public string UserPwd
{
get
{
return _UserPwd;
}
set
{
_UserPwd = value;
}
}
public void Initial(string username, string password)
{
UserId = username;
UserPwd = password;
}
public bool IsValid(string uid, string pwd, out string msg)
{
msg = "";
if (uid == "admin" && pwd == "admin888")
{
return true;
}
else
{
msg = "对不起,你无法调用";
return false;
}
}
public bool IsValid(out string msg)
{
return IsValid(_UserId, _UserPwd, out msg);
}
}
}
其次就是在webservice主体中,添加对此验证方法的支持
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
namespace webServiceDemo
{
/// <summary>
/// Service1 的摘要说明
/// </summary>
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[System.ComponentModel.ToolboxItem(false)]
// 若要允许使用 ASP.NET AJAX 从脚本中调用此 Web 服务,请取消对下行的注释。
// [System.Web.Script.Services.ScriptService]
public class Service1 : System.Web.Services.WebService
{
public sSoapHeader s = new sSoapHeader();
[SoapHeader("s")] //这里就是添加验证方法的标志
[WebMethod]
public string HelloWorld(int a,int b)
{
string msg = "";
if (!s.IsValid(out msg))
{
return msg;
}
return (a + b).ToString();
}
}
}
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
namespace webServiceDemo
{
/// <summary>
/// Service1 的摘要说明
/// </summary>
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[System.ComponentModel.ToolboxItem(false)]
// 若要允许使用 ASP.NET AJAX 从脚本中调用此 Web 服务,请取消对下行的注释。
// [System.Web.Script.Services.ScriptService]
public class Service1 : System.Web.Services.WebService
{
public sSoapHeader s = new sSoapHeader();
[SoapHeader("s")] //这里就是添加验证方法的标志
[WebMethod]
public string HelloWorld(int a,int b)
{
string msg = "";
if (!s.IsValid(out msg))
{
return msg;
}
return (a + b).ToString();
}
}
}
在上图中,我已经标志的很清楚了[SoapHeader("s")] 就是添加验证方法的标志。
最后就是在用户页面中进行调用,引用完毕后,需要对soapheader暴露的公共属性方法进行赋值判断,最后调用即可。只要验证正确,便可以正常调用,否则则提示没有权限:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
namespace WEB
{
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
localhost.Service1 s = new WEB.localhost.Service1();
localhost.sSoapHeader header = new WEB.localhost.sSoapHeader();
header.UserId = "admin";
header.UserPwd = "admin888";
s.sSoapHeaderValue = header;
Response.Write(s.HelloWorld(2,1));
}
}
}
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
namespace WEB
{
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
localhost.Service1 s = new WEB.localhost.Service1();
localhost.sSoapHeader header = new WEB.localhost.sSoapHeader();
header.UserId = "admin";
header.UserPwd = "admin888";
s.sSoapHeaderValue = header;
Response.Write(s.HelloWorld(2,1));
}
}
}