用户权限验证
1.WebService安全认证:
2.Form认证
3.windows认证
4.服务方法里面添加账号密码参数
5.SoapHeader验证
4.服务方法里面添加账号密码参数
在所有需要权限验证的方法里第一个参数添加账号和密码,老项目中可能会出现这种验证,现在已经很少使用了
//需要验证的方法
public int Plus(string id_pwd,int x, int y)
{
if (Validate(id_pwd) == false) return -1;
return x + y;
}
/// <summary>
/// 权限验证方法
/// </summary>
/// <param name="id_pwd"></param>
/// <returns></returns>
public bool Validate(string id_pwd)
{
string[] str = id_pwd.Split('_');
if (str[0].Equals("id") && str[1].Equals("pwd"))
return true;
else
throw new Exception();
}
5.SoapHeader验证(一般在webServer中使用)
需要一个SoapHeader类去完成,继承自SoapHeader
SoapHeader.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
namespace Ruanmou.SOA.Web.Remote
{
/// <summary>
/// Header:分配个加密钥 账号密码加密
///
/// </summary>
public class CustomSoapHeader : System.Web.Services.Protocols.SoapHeader
{
private string userName = string.Empty;
private string passWord = string.Empty;
public CustomSoapHeader()//必须有一个无参数的构造函数
{ }
/// <summary>
/// 构造函数
/// </summary>
/// <param name="userName">用户名</param>
/// <param name="passWord">密码</param>
public CustomSoapHeader(string userName, string passWord)
{
this.userName = userName;
this.passWord = passWord;
}
/// <summary>
/// 获取或设置用户用户名
/// </summary>
public string UserName
{
get { return userName; }
set { this.userName = value; }
}
/// <summary>
/// 获取或设置用户密码
/// </summary>
public string PassWord
{
get { return passWord; }
set { this.passWord = value; }
}
public bool Validate()
{
return this.UserName.Contains("id") && this.PassWord.Contains("pwd");
}
}
}
标准使用方式,需要在方法上标记[SoapHeader("SoapHeaderProp")]特性,验证失败抛异常,跟方式4其实是差不多的
[SoapHeader("SoapHeaderProp")]
public string GetInfo(int id, string name)
{
if (!this.SoapHeaderProp.Validate())
{
throw new SoapException("身份验证失败", SoapException.ClientFaultCode);
}
return Newtonsoft.Json.JsonConvert.SerializeObject(new
{
Id = id,
Name = name,
Remark = $"This is {id} {name}"
});
}