一、通過SoapHeader加強WebService的安全性。
代碼示例以下:
(1)、定義自己的SoapHeader派生類。
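/// <summary>
/// SoapHeader subclass that carries the caller's credentials on every request.
/// Tutorial class: the credential check in <see cref="IsValid(string, string, out string)"/>
/// is a hard-coded stub and must be replaced by a lookup against a real credential store
/// before this is used outside a demo.
/// </summary>
public class MySoapHeader : System.Web.Services.Protocols.SoapHeader
{
    // Single copy of the rejection text; the original repeated the literal in two branches.
    // Deliberately generic: it does not reveal whether the user exists or only the password failed.
    private const string AccessDeniedMessage =
        "對不起,你無權調用此Web服務,可能有以下緣由:\n 1.您的賬號被管理員禁用。\n 2.您的賬號密碼不正確";

    private string _UserID = string.Empty;
    private string _PassWord = string.Empty;

    /// <summary>
    /// Creates an empty header; this parameterless constructor is what the SOAP
    /// deserializer uses when the header arrives from the wire.
    /// </summary>
    public MySoapHeader()
    {
    }

    /// <summary>
    /// Creates a header pre-filled with credentials.
    /// </summary>
    /// <param name="nUserID">User id.</param>
    /// <param name="nPassWord">Password value sent by the client. The original documentation calls it
    /// "encrypted", but nothing here decrypts or hashes it: it is compared verbatim.</param>
    public MySoapHeader(string nUserID, string nPassWord)
    {
        Initial(nUserID, nPassWord);
    }

    #region Properties
    /// <summary>
    /// User name carried in the header.
    /// </summary>
    public string UserID
    {
        get { return _UserID; }
        set { _UserID = value; }
    }

    /// <summary>
    /// Password value carried in the header (compared as-is, see <see cref="IsValid(out string)"/>).
    /// </summary>
    public string PassWord
    {
        get { return _PassWord; }
        set { _PassWord = value; }
    }
    #endregion

    #region Methods
    /// <summary>
    /// Copies the constructor arguments into the two properties.
    /// </summary>
    /// <param name="nUserID">User id.</param>
    /// <param name="nPassWord">Password value.</param>
    private void Initial(string nUserID, string nPassWord)
    {
        UserID = nUserID;
        PassWord = nPassWord;
    }

    /// <summary>
    /// Checks a user id / password pair.
    /// </summary>
    /// <param name="nUserID">User id.</param>
    /// <param name="nPassWord">Password value.</param>
    /// <param name="nMsg">Empty when accepted, otherwise the rejection message.</param>
    /// <returns>true when the credentials are accepted.</returns>
    private bool IsValid(string nUserID, string nPassWord, out string nMsg)
    {
        // SECURITY: hard-coded credentials and a plain string compare. Replace with a lookup
        // against a credential store holding salted password hashes. The original wrapped this
        // in a catch-all that only re-assigned the same message; string comparison cannot throw,
        // so that handler was dead code and has been dropped.
        if (nUserID == "admin" && nPassWord == "admin")
        {
            nMsg = "";
            return true;
        }

        nMsg = AccessDeniedMessage;
        return false;
    }

    /// <summary>
    /// Checks the credentials carried by this header instance.
    /// </summary>
    /// <param name="nMsg">Empty when accepted, otherwise the rejection message.</param>
    /// <returns>true when the credentials are accepted.</returns>
    public bool IsValid(out string nMsg)
    {
        return IsValid(_UserID, _PassWord, out nMsg);
    }
    #endregion
}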
(2)、添加基於SoapHeader驗證的WebService接口的方法。
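/// <summary>
/// Web service whose protected operation requires a <see cref="MySoapHeader"/> carrying credentials.
/// </summary>
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[ToolboxItem(false)]
public class WebService_Soap : System.Web.Services.WebService
{
    // Must stay a public field: ASMX binds the incoming SOAP header to it by name
    // via the [SoapHeader("myHeader")] attribute below.
    public MySoapHeader myHeader = new MySoapHeader();

    /// <summary>
    /// Price lookup with no SoapHeader check; anyone who can reach the endpoint can call it.
    /// </summary>
    /// <param name="ProductId">Product number.</param>
    /// <returns>The product's price as text.</returns>
    /// <remarks>
    /// Exposes the same data as <see cref="GetProductPrice2"/> without authentication, so the
    /// header check on that method protects nothing unless this operation is removed or restricted.
    /// Kept because the tutorial deliberately shows both variants side by side.
    /// </remarks>
    [WebMethod(Description = "根據產品編號查詢產品的價格")]
    public string GetProductPrice(string ProductId)
    {
        return LookupPrice(ProductId);
    }

    /// <summary>
    /// Price lookup that first validates the credentials carried in <see cref="myHeader"/>.
    /// </summary>
    /// <param name="ProductId">Product number.</param>
    /// <returns>The product's price as text, or the rejection message when the header is not accepted.</returns>
    /// <remarks>
    /// An authorization failure is returned on the data channel, indistinguishable from a price
    /// to a client that does not compare the text. A SOAP fault (SoapException) would let callers
    /// tell the two apart; the string return is kept so existing callers keep working.
    /// </remarks>
    [SoapHeader("myHeader")]
    [WebMethod(Description = "根據產品編號查詢產品的價格", EnableSession = true)]
    public string GetProductPrice2(string ProductId)
    {
        // The original pre-assigned msg = "" before the out call; the out parameter
        // always overwrites it, so the assignment was a dead store.
        string msg;
        if (!myHeader.IsValid(out msg))
        {
            return msg;
        }

        return LookupPrice(ProductId);
    }

    /// <summary>
    /// Shared data access for both operations, so the two methods cannot drift apart.
    /// </summary>
    /// <param name="ProductId">Product number.</param>
    /// <returns>Whatever <c>Products.GetPrice</c> returns for the id.</returns>
    private static string LookupPrice(string ProductId)
    {
        Products pro = new Products();
        return pro.GetPrice(ProductId);
    }
}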
(3)、客戶端調用具備SoapHeader的WebService。
// Create the generated proxy for the service.
ProductServiceSoap.WebService_Soap service = new ProductServiceSoap.WebService_Soap();

// Build the SOAP header the protected method requires and attach it to the proxy.
// Note: the server stub in section (1) accepts only admin/admin, so with these values the
// call is rejected and strPrice receives the rejection message instead of a price.
// The credentials travel inside the SOAP envelope in clear text unless the endpoint
// is reached over HTTPS (see the SSL section below).
ProductServiceSoap.MySoapHeader header = new ProductServiceSoap.MySoapHeader
{
    PassWord = "admin1",
    UserID = "admin1"
};
service.MySoapHeaderValue = header;

// Invoke the header-protected web method.
string strPrice = service.GetProductPrice2("001");
二、採用SSL實現加密傳輸。
操作文檔下載地址:http://down.51cto.com/data/1016635
三、訪問IP限制。
優勢:簡單,防止非指定客戶機器訪問。
缺點:IP是可以偽造的;維護IP地址表比較繁瑣,且只適合固定IP訪問者的狀況。
代碼示例以下:
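/// <summary>
/// Allows the call only when the requesting client's address is on the user's permitted-IP list.
/// </summary>
/// <param name="UserID">User whose permitted addresses are looked up.</param>
/// <param name="exceptionInfo">Empty when allowed, otherwise the rejection message.</param>
/// <returns>true when the caller's address is permitted.</returns>
public bool ValidateIP(int UserID, out string exceptionInfo)
{
    // Single copy of the rejection text; the original repeated the literal in two branches.
    const string denied = "調用Web服務的客戶端IP未被容許,沒法訪問!";

    // UserHostAddress is the address of the direct TCP peer (REMOTE_ADDR). Client-supplied
    // headers such as X-Forwarded-For are not consulted here, which is the safe choice: those
    // can be forged. Behind a reverse proxy this will be the proxy's address, not the client's.
    string uip = HttpContext.Current.Request.UserHostAddress;

    Common dal = new Common();
    List<string> ips = dal.GetPermitIp(UserID);

    // Exact textual match. Different spellings of the same host (e.g. an IPv6 form versus
    // dotted IPv4) do not compare equal, so the table must use the same form that
    // UserHostAddress produces. A null or empty table denies everyone.
    if (ips != null && ips.Contains(uip))
    {
        exceptionInfo = "";
        return true;
    }

    exceptionInfo = denied;
    return false;
}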