<configuration>
<system.web>
<authentication mode="Windows"/>
</system.web>
<location path="secureservice.asmx">
<system.web>
<authorization>
<allow users="Administrator"/>
<allow users="DOMAIN/Bradley"/>
<deny roles="BUILTIN/Power Users"/>
</authorization>
</system.web>
</location>
</configuration>
下面是一个使用SOAPHeader的例子:
soapheaders.aspx
<%@ Import Namespace="SoapHeaders" %>
<script language="C#" runat="server">
public void Page_Load(Object sender, EventArgs e) {
Response.Write("<h4><font face=/"verdana/">Using Soap Headers for Custom Authentication</font></h4>");
// Create a new instance of the UsingSoapHeaders
// proxy class used to call the remote .asmx file
HeaderService h = new HeaderService();
// Call the secure method without credentials
Response.Write("First call result: <p>");
try {
Response.Write(h.SecureMethod() + "<p>");
}
catch (Exception ex) {
Response.Write("<pre>" + ex.StackTrace + "</pre><p>");
}
// Create a new instance of the AuthHeader class
AuthHeaderCS myHeader = new AuthHeaderCS();
// Set the value of myHeader
myHeader.Username = "JohnDoe";
myHeader.Password = "password";
// Set the AuthHeader public member of the
// UsingSoapHeaders class to myHeader
h.AuthHeaderCSValue = myHeader;
// Call the secure method with credentials
Response.Write("Second call result: <p><pre>" + h.SecureMethod() + "</pre>");
}
</script>
soapheaders.asmx:
<%@ WebService Language="C#" Class="SoapHeadersCS.HeaderService" %>
using System;
using System.Web.Services;
using System.Web.Services.Protocols;
// Note the namespace has to be different from the one used
// on the proxy dll or we get errors about AuthHeader being
// defined in multiple places.
namespace SoapHeadersCS {
// AuthHeader class extends from SoapHeader
public class AuthHeaderCS : SoapHeader {
public string Username;
public string Password;
}
[WebService(Description="Simple sample to demonstrate use of SOAP Headers")]
public class HeaderService {
public AuthHeaderCS sHeader;
[WebMethod(Description="This method requires a custom soap header set by the caller")]
[SoapHeader("sHeader")]
public string SecureMethod() {
if (sHeader == null)
return "ERROR: Please supply credentials";
string usr = sHeader.Username;
string pwd = sHeader.Password;
if (AuthenticateUser(usr, pwd)) {
return "SUCCESS: " + usr + "," + pwd;
}
else {
return "ERROR: Could not authenticate";
}
}
private bool AuthenticateUser(string usr, string pwd) {
if ((usr != null)&&(pwd != null)) {
// could query a database here for credentials...
return true;
}
return false;
}
}
}