这时候我可以用一种比较简便的方法--使用SOAP头。WEB服务消费者在SOAP头中添加用户ID和密码信息,WEB服务方法会检索这些信息,并使用这些信息来执行自定义的验证从而调用相应的服务 。
下面是一个简单的例子:
服务器端:
using
System;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
using System.Security.Principal;
namespace test2
{
/// <summary>
/// Summary description for Service1
/// </summary>
[WebService(Namespace = " http://tempuri.org/ " )]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[ToolboxItem( false )]
public class Service1 : System.Web.Services.WebService
{
public ValidateUser valiUser = new ValidateUser();//一定要是public访问类型。
//
[SoapHeader( " valiUser " )]
[WebMethod]
public string GetAuthority()
{
string Msg = "" ;
valiUser.ValiHeader( out Msg);
return Msg;
}
}
//
public class ValidateUser:System.Web.Services.Protocols.SoapHeader
{
// 用户名和密码
private string username;
private string password;
//
public string UserName
{
get { return username; }
set { username = value; }
}
//
public string PassWord
{
get { return password; }
set { password = value; }
}
//
public bool ValiHeader( out string ReturnMsg)
{
bool flag = false ;
if (UserName == " admin " && PassWord == " admin " )
{
flag = true ;
ReturnMsg = " You Are Successfully " ;
}
else
{
ReturnMsg = " You Are Failted " ;
}
return flag;
}
}
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
using System.Security.Principal;
namespace test2
{
/// <summary>
/// Summary description for Service1
/// </summary>
[WebService(Namespace = " http://tempuri.org/ " )]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[ToolboxItem( false )]
public class Service1 : System.Web.Services.WebService
{
public ValidateUser valiUser = new ValidateUser();//一定要是public访问类型。
//
[SoapHeader( " valiUser " )]
[WebMethod]
public string GetAuthority()
{
string Msg = "" ;
valiUser.ValiHeader( out Msg);
return Msg;
}
}
//
public class ValidateUser:System.Web.Services.Protocols.SoapHeader
{
// 用户名和密码
private string username;
private string password;
//
public string UserName
{
get { return username; }
set { username = value; }
}
//
public string PassWord
{
get { return password; }
set { password = value; }
}
//
public bool ValiHeader( out string ReturnMsg)
{
bool flag = false ;
if (UserName == " admin " && PassWord == " admin " )
{
flag = true ;
ReturnMsg = " You Are Successfully " ;
}
else
{
ReturnMsg = " You Are Failted " ;
}
return flag;
}
}
客户端:(我是写在一个按钮下面,向浏览器输出)
protected
void
Button2_Click(
object
sender, EventArgs e)
{
Service1 service = new Service1();
ValidateUser valiUser = new ValidateUser();
valiUser.UserName = " admin " ;
valiUser.PassWord = " admin " ;
service.ValidateUserValue = valiUser;
Response.Write(service.GetAuthority());
}
{
Service1 service = new Service1();
ValidateUser valiUser = new ValidateUser();
valiUser.UserName = " admin " ;
valiUser.PassWord = " admin " ;
service.ValidateUserValue = valiUser;
Response.Write(service.GetAuthority());
}
输出为:“ You Are Successfully”
注意:要使用SOAP头实现一个自定义身份验证方案,还必须在WEB服务的web.config文件中禁用其他的身份验证类型,如下所示:
<configuration>
<system.web>
<authentication mode="None"/>
</system.web>
</configuration>
当使用SOAP头传输凭据时,惟一必须解决的重要问题就是安全了,不过我们可以将SOAP头中身份信息进行强加密来解决这个问题。
这将在我下一片文章中出现。