[转] WebService的两种用户验证方式

最新推荐文章于 2023-04-27 11:47:14 发布

转载最新推荐文章于 2023-04-27 11:47:14 发布 · 67 阅读

0 ·

CC 4.0 BY-SA版权

原文链接：http://www.cnblogs.com/ForEverKissing/archive/2005/04/22/143434.html

文章标签：

#数据库

博客介绍了Web Service中两种用户验证方法。一是使用SoapHeader传递和验证用户，给出了Web Service端和客户端代码示例；二是使用验证票（AuthorizationTicket），包含生成验证票、验证票有效性及基于验证执行特定操作的代码，还提及可在数据库验证用户合法性。

1,使用SoapHeader传递和验证用户
Web Service端的代码:
1.1先创建一个继承自System.Web.Services.Protocols.SoapHeader
CredentialSoapHeader类:
public class CredentialSoapHeader : SoapHeader
{
private string _userName ;
private string _userPassword ;

    public string UserName
    {
        get { return _userName ; }
        set { _userName = value ; }
    }

    public string UserPassword
    {
        get { return _userPassword ; }
        set { _userPassword = value ; }
    }
}

1.2创建对外发布的Web Service方法
public class MyService : System.Web.Services.WebService
{
    private CredentialSoapHeader m_credentials ;
    public CredentialSoapHeader Credentails
    {
        get { return m_credentials ; }
        set { m_credentials = value ; }
    }

    //对外发布的服务
    [WebMethod(BufferResponse = true,Description = "欢迎方
    法" ,CacheDuration = 0,EnableSession=false,
    MessageName = "HelloFriend",TransactionOption =
    TransactionOption.Required)]
    [SoapHeader("Credentails")]
    public string Welcome(string userName)
    {
        this.VerifyCredential(this) ;
        return "Welcome " + userName ;
    }

    //验证是否合法
    private void VerifyCredential(MyService s)
    {
        if ( s.Credentails == null ||
             s.Credentails.UserName == null ||
             s.Credentails.UserPassword == null )
        {
           throw new SoapException("验证失
            败",SoapException.ClientFaultCode,"Security") ;
        }
        //在这里可以进一步进行自定义的用户验证
    }
}

创建使用MyService的客户端(本处使用WinForm来做实例)
先把MyService的引用添加进来
public class ClientForm : System.Windows.Forms.Form
{
    public ClientForm()
    {
        MyService s = new MyService() ;
        this.InitWebServiceProxy(s) ;
        string temp = s.Welcome("test") ;

        MessageBox.Show(temp) ;
    }

    private void InitWebServiceProxy(MyService s)
    {
        CredentialSoapHeader soapHeader =
            new CredentialSoapHeader() ;
        soapHeader.UserName = "test" ;
        soapHeader.UserPassword = "test" ;
        s.CredentialSoapHeaderValue = soapHeader ;

string urlSettings = null ; //这里可以从配置文件中获取

        if (urlSettings != null )
        {
            s.Url = urlSettings ;
        }

        s.Credentials = (System.Net.NetworkCredential)
        CredentialCache.DefaultCredentials ;
    }
}

2,使用验证票(AuthorizationTicket)
using System.Web.Security ;
[WebMethod()]
public string GetAuthorizationTicket(string userName , string password)
{
    //这里可以做一些自定义的验证动作，比如在数据库里验证用户的合法性等
    FormsAuthenticationTicket ticket = new
         FormsAuthenticationTicket(userName, false, timeOut) ;
    string encryptedTicket =
        FormsAuthentication.Encrypt(ticket) ;
    Context.Cache.Insert(encryptedTicket, userName, null,
               DateTime.Now.AddMinutes(timeout), TimeSpan.Zero) ;
    return encryptedTicket ;
}

private bool IsTicketValid(string ticket, bool IsAdminCall)
{
    if (ticket == null || Context.Cache[ticket] == null)
    {
        // not authenticated
      return false;
    }
    else
    {
        //这里再做一些验证，比如在数据库里验证用户的合法性等
    }
}

[WebMethod()]
public Book GetBookByBookId(int bookId)
{
    if (IsTicketValid)
    {
        //验证通过才可以执行特定操作了
    }
}

转载于:https://www.cnblogs.com/ForEverKissing/archive/2005/04/22/143434.html