添加Soap头来增加Web Service的安全性



你说的曾经没有我的故事 提交于 2020-10-18 07:01:50

myService.asmx.cs

添加类:MyHeader System.Web.Services.Protocols.SoapHeader继承

完整的代码如下

using System;

using System.Collections;

using System.ComponentModel;

using System.Data;

using System.Diagnostics;

using System.Web;

using System.Web.Services;

//soap Head引用添加的命名空间

using System.Web.Services.Protocols;

 

namespace study

{

     /// <summary>

     /// myService 的摘要说明。

     /// </summary>

     //[WebService(Namespace="http://MyServer/MyWebServices/")]

     public class myService : System.Web.Services.WebService

     {

         /// <summary>

         /// Soap头实例

         /// </summary>

         public MyHeader myHeader=new MyHeader();

 

         public myService()

         {

              //CODEGEN: 该调用是 ASP.NET Web 服务设计器所必需的

 

              InitializeComponent();

 

         }

 

         #region 组件设计器生成的代码

        

          //Web 服务设计器所必需的

         private IContainer components = null;

                  

         /// <summary>

         /// 设计器支持所需的方法 - 不要使用代码编辑器修改

         /// 此方法的内容。

         /// </summary>

         private void InitializeComponent()

         {

         }

 

         /// <summary>

         /// 清理所有正在使用的资源。

         /// </summary>

         protected override void Dispose( bool disposing )

         {

              if(disposing && components != null)

              {

                   components.Dispose();

              }

              base.Dispose(disposing);        

         }

        

         #endregion

 

         // WEB 服务示例

         // HelloWorld() 示例服务返回字符串 Hello World

         // 若要生成,请取消注释下列行,然后保存并生成项目

         // 若要测试此 Web 服务,请按 F5

 

         [WebMethod]

         public string HelloWorld()

         {

              return "Hello World";

         }

         [SoapHeader("myHeader")]

         [WebMethod(Description="ddddddd",EnableSession=true)]

         public string HelloWorld2(string contents)

         {

              string msg = "";

              //验证是否有权访问

              if(!myHeader.IsValid(out  msg))

                   return msg;

              return "Hello World:"+contents;

         }

     }

     public class MyHeader :  System.Web.Services.Protocols.SoapHeader

     {

         private string _UserID=string.Empty;

         private string _PassWord=string.Empty;

 

         /// <summary>

         /// 构造函数

         /// </summary>

         public MyHeader()

         {

 

         }

         /// <summary>

         /// 构造函数

         /// </summary>

         /// <param name="nUserID">用户ID</param>

         /// <param name="nPassWord">加密后的密码</param>

         public MyHeader(string nUserID,string nPassWord)

         {

              Initial(nUserID,nPassWord);

         }

        

         #region 属性

 

         /// <summary>

         /// 用户名

         /// </summary>

         public string UserID

         {

              get{return _UserID;}

              set{_UserID=value;}

         }

         /// <summary>

         /// 加密后的密码

         /// </summary>

         public string PassWord

         {

              get{return _PassWord;}

              set{_PassWord=value;}

         }

 

         #endregion

         #region 方法

 

         /// <summary>

         /// 初始化

         /// </summary>

         /// <param name="nUserID">用户ID</param>

         /// <param name="nPassWord">加密后的密码</param>

         public void Initial(string nUserID,string nPassWord)

         {

              UserID=nUserID;

              PassWord=nPassWord;

         }

         /// <summary>

         /// 用户名密码是否正确

         /// </summary>

         /// <param name="nUserID">用户ID</param>

         /// <param name="nPassWord">加密后的密码</param>

         /// <param name="nMsg">返回的错误信息</param>

         /// <returns>用户名密码是否正确</returns>

         public bool IsValid(string nUserID,string nPassWord,out string nMsg)

         {

              nMsg="";

              try

              {

                   //判断用户名密码是否正确

                   if(nUserID == "admin" && nPassWord == "admin"){

                       return true;

                   }

                   else

                   {

                       nMsg="对不起,你无权调用此Web服务,可能有如下原因:\n 1.您的帐号被管理员禁用。\n 2.您的帐号密码不正确";

                       return false;

                   }

              }

              catch

              {

                   nMsg="对不起,你无权调用此Web服务,可能有如下原因:\n 1.您的帐号被管理员禁用。\n 2.您的帐号密码不正确";

                   return false;

              }

         }

         /// <summary>

         /// 用户名密码是否正确

         /// </summary>

         /// <returns>用户名密码是否正确</returns>

         public bool IsValid(out string nMsg)

         {

              return IsValid(_UserID,_PassWord,out nMsg);

         }

 

         #endregion

}

 

}

通过soap调用的代码如下:

              // 在此处放置用户代码以初始化页面

              //创建myService对象

              MyWebServer.myService service = new study.MyWebServer.myService();

              //创建soap头对象

              MyWebServer.MyHeader header = new study.MyWebServer.MyHeader();

              //设置soap头变量

              header.PassWord = "admin";

              header.UserID = "admin";

              service.MyHeaderValue = header;

              //调用web 方法

            this.Label1.Text = service.HelloWorld2("dob");