C# WebService 头认证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/18089449/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
WebService Headers Authentication
提问by guisantogui
Exactly now, I got my webservice authentication, but i've done this calling a method inside WebMethod, like this:
就在现在,我得到了我的网络服务身份验证,但我已经完成了调用 WebMethod 中的一个方法,如下所示:
[WebMethod]
[SoapHeader("LoginSoapHeader")]
public int findNumberByCPF(string cpf)
{
try
{
LoginAuthentication();
var retRamal = DadosSmp_Manager.RetornaRamalPorCPF(cpf);
var searchContent= String.Format("CPF[{0}]", cpf);
DadosSmp_Manager.insertCallHistory(retRamal, searchContent);
return retRamal.Ramal;
}
catch (Exception ex)
{
Log.InsertQueueLog(Log.LogType.Error, ex);
throw getException(ex.TargetSite.Name, cpf);
}
}
I want now to authenticate this WebMethod without call the "LoginAuthentication()" method, only using the SOAP Header - SoapHeader("LoginSoapHeader") - that is above inside the code.
我现在想在不调用“LoginAuthentication()”方法的情况下验证这个 WebMethod,只使用 SOAP Header - SoapHeader("LoginSoapHeader") - 在代码内部。
Then, my question is how can I authenticate my WebMethod only using headers?
然后,我的问题是如何仅使用标头对我的 WebMethod 进行身份验证?
Thanks in advance.
提前致谢。
采纳答案by Durai Amuthan.H
The requirement is the web service client has to provide with username and password while accessing the web methods.
要求是 Web 服务客户端在访问 Web 方法时必须提供用户名和密码。
We're going to achieve this using custom soap headers not the http headers
我们将使用自定义soap标头而不是http标头来实现这一点
The .NET framework lets you create custom SOAP headers by deriving from the SoapHeader class, so we wanted to add a username and password
.NET 框架允许您通过从 SoapHeader 类派生来创建自定义 SOAP 标头,因此我们想要添加用户名和密码
using System.Web.Services.Protocols;
public class AuthHeader : SoapHeader
{
public string Username;
public string Password;
}
To force the use of our new SOAP Header we have to add the following attribute to the method
要强制使用我们的新 SOAP Header,我们必须向方法添加以下属性
[SoapHeader ("Authentication", Required=true)]
Include the class name in .cs
在 .cs 中包含类名
public AuthHeader Authentication;
[SoapHeader ("Authentication", Required=true)]
[WebMethod (Description="WebMethod authentication testing")]
public string SensitiveData()
{
//Do our authentication
//this can be via a database or whatever
if(Authentication.Username == "userName" &&
Authentication.Password == "pwd")
{
//Do your thing
return "";
}
else{
//if authentication fails
return null;
}
}
we authenticate using the soap:Header element in a SOAP request,don't misunderstand the HTTP headers sent with the request. The SOAP request looks something like:
我们在 SOAP 请求中使用 soap:Header 元素进行身份验证,不要误解随请求发送的 HTTP 标头。SOAP 请求类似于:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<AUTHHEADER xmlns="http://tempuri.org/">
<USERNAME>string</USERNAME>
<PASSWORD>string</PASSWORD>
</AUTHHEADER>
</soap:Header>
<soap:Body>
<SENSITIVEDATA xmlns="http://tempuri.org/" />
</soap:Body>
</soap:Envelope>
