WebService authentication

http://blog.csdn.net/largestone_187/article/details/5734632

經過SoapHeader對用戶口令進行驗證，只有受權的用戶纔可使用接口。確保了訪問接口用戶的安全性。

 

public MySoapHeader myHeader = new MySoapHeader();

    public SoapHeaderService()
    {

        //Uncomment the following line if using designed components
        //InitializeComponent();
    }
    //普通方法，不須要SoapHeader驗證 
    [WebMethod(Description = "普通方法不須要驗證")]
    public string HelloWorld(string msg) {
        if (msg == "")
            msg = "default message:" + "Hello World";
        else
            msg = "The message you have input is " + msg;   
        return msg;
    }
    //須要SoapHeader驗證 
    [SoapHeader("myHeader")]
    [WebMethod(Description="須要SoapHeader驗證  ", EnableSession = true)]
    public string GetSecurityService(string inmsg)     
    {         
        string msg = "";         
        //驗證是否有權訪問         
        if (!myHeader.IsValid(out  msg))         
        {             
            return msg;//返回錯誤信息         
        }
        inmsg = "Security Message: " + inmsg;
        return inmsg;     
    } 

SoapHeader驗證，本文未鏈接數據庫，僅僅將驗證寫死了，須要的能夠本身改。

 

public class MySoapHeader:System.Web.Services.Protocols.SoapHeader
{
    private string _UserID = string.Empty;
    private string _PassWord = string.Empty; 
 
    public MySoapHeader()
 {
  //
  // TODO: Add constructor logic here
  //
 }
    //<param name="nUserID">用戶ID</param>     
    //<param name="nPassWord">加密後的密碼</param>     
    public MySoapHeader(string nUserID, string nPassWord)     
    {         
        Initial(nUserID, nPassWord);     
    } 
    #region 屬性     
    //<summary>      //用戶名      //</summary>     
    public string UserID     
    {         
        get { return _UserID; }         
        set { _UserID = value; }     
    }     
    //<summary>     
    //加密後的密碼     
    //</summary>     
    public string PassWord     
    {         
        get { return _PassWord; }         
        set { _PassWord = value; }     
    }             
    #endregion     
    #region 方法     
    //<summary>     
    //初始化     
    //</summary>     
    //<param name="nUserID">用戶ID</param>     
    //<param name="nPassWord">加密後的密碼</param>     
    private void Initial(string nUserID, string nPassWord)     
    {         
        UserID = nUserID;         
        PassWord = nPassWord;     
    }     
    //<summary>     
    //驗證用戶名密碼是否正確     
    //</summary>     
    //<param name="nUserID">用戶ID</param>     
    //<param name="nPassWord">加密後的密碼</param>     
    //<param name="nMsg">返回的錯誤信息</param>     
    //<returns>用戶名密碼是否正確</returns>     
    private bool IsValid(string nUserID, string nPassWord, out string nMsg)     
    {         
        nMsg = "";         
        try        
        {             
            //判斷用戶名密碼是否正確              
            if (nUserID == "admin" && nPassWord == "admin")             
            {                 
                return true;
            }             
            else            
            {                 
                nMsg = "對不起，你無權調用此Web服務。";                 
                return false;             
            }         
        }          catch        
        {             
            nMsg = "對不起，你無權調用此Web服務。";             
            return false;          }     
        }     
    //<summary>     
    //驗證用戶名密碼是否正確     
    //</summary>      //<returns>用戶名密碼是否正確</returns>     
    public bool IsValid(out string nMsg)     
    {         
        return IsValid(_UserID, _PassWord, out nMsg);     
    }     
    #endregion 

}

SoapHeaderWS.SoapHeaderService shService = new SoapHeaderWS.SoapHeaderService();
SoapHeaderWS.MySoapHeader header = new SoapHeaderWS.MySoapHeader();
header.UserID = "admin";
header.PassWord = "admin";
shService.MySoapHeaderValue = header;
string outmsg = shService.GetSecurityService("測試安全控制Web Service成功！");
Label1.Text = outmsg;