WebService的两种用户验证方式分析
1,使用SoapHeader传递和验证用户
Web Service端的代码: 1.1先创建一个继承自System.Web.Services.Protocols.SoapHeader CredentialSoapHeader类: public class CredentialSoapHeader : SoapHeader { private string _userName ; private string _userPassword ;public string UserName
{ get { return _userName ; } set { _userName = value ; } }public string UserPassword
{ get { return _userPassword ; } set { _userPassword = value ; } } }1.2创建对外发布的Web Service方法
public class MyService : System.Web.Services.WebService { private CredentialSoapHeader m_credentials ; public CredentialSoapHeader Credentails { get { return m_credentials ; } set { m_credentials = value ; } } //对外发布的服务 [WebMethod(BufferResponse = true,Description = "欢迎方法" ,CacheDuration = 0,EnableSession=false, MessageName = "HelloFriend",TransactionOption = TransactionOption.Required)] [SoapHeader("Credentails")] public string Welcome(string userName) { this.VerifyCredential(this) ; //验证方法 return "Welcome " + userName ; }//验证是否合法
private void VerifyCredential(MyService s) { if ( s.Credentails == null || s.Credentails.UserName == null || s.Credentails.UserPassword == null ) { throw new SoapException("验证失败",SoapException.ClientFaultCode,"Security") ; } //在这里可以进一步进行自定义的用户验证 } }创建使用MyService的客户端(本处使用WinForm来做实例)
先把MyService的引用添加进来 public class ClientForm : System.Windows.Forms.Form { public ClientForm() { MyService s = new MyService() ; this.InitWebServiceProxy(s) ; string temp = s.Welcome("test") ; MessageBox.Show(temp) ; }private void InitWebServiceProxy(MyService s)
{ CredentialSoapHeader soapHeader = new CredentialSoapHeader() ; soapHeader.UserName = "test" ; soapHeader.UserPassword = "test" ; s.CredentialSoapHeaderValue = soapHeader ;string urlSettings = null ; //这里可以从配置文件中获取
if (urlSettings != null )
{ s.Url = urlSettings ; }s.Credentials = (System.Net.NetworkCredential)CredentialCache.DefaultCredentials ;
} } 2,使用验证票(AuthorizationTicket) using System.Web.Security ; [WebMethod()] public string GetAuthorizationTicket(string userName , string password) { //这里可以做一些自定义的验证动作,比如在数据库里验证用户的合法性等 FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(userName, false, timeOut) ; string encryptedTicket = FormsAuthentication.Encrypt(ticket) ; Context.Cache.Insert(encryptedTicket, userName, null, DateTime.Now.AddMinutes(timeout), TimeSpan.Zero) ; return encryptedTicket ; }private bool IsTicketValid(string ticket, bool IsAdminCall)
{ if (ticket == null || Context.Cache[ticket] == null) { // not authenticated return false; } else { //这里再做一些验证,比如在数据库里验证用户的合法性等 } }[WebMethod()]
public Book GetBookByBookId(int bookId) { if (IsTicketValid) { //验证通过才可以执行特定操作了 } }