ASP.NET Web服务安全性 [英] ASP.NET Web Service Security

问题描述

我已经建立了ASP.NET Web服务在过去，要么被公开消费，或使用Windows身份验证。我现在需要建立一个使用SOAP 1.1协议的Web服务，它需要从主叫用户名和密码是安全的。

I've built ASP.NET Web Services in the past that either were publicly consumed, or used Windows Authentication. I now need to build a Web Service that uses the SOAP 1.1 protocol and it needs to be secured with a username and password from the caller.

这似乎一个设置为WCP基础设施是矫枉过正或两个Web服务。任何其他建议？我也在想使用ASP.NET 4.0 Beta版的，如果有人已经探讨了此方案，这将有助于了解你的意见。

It seems setting up the infrastructure for WCP is overkill for one or two Web Services. Any other suggestions? I was also thinking of using ASP.NET 4.0 Beta, if anyone has explored that for this scenario, it would be helpful to know your opinion.

在此先感谢您的建议。

推荐答案

最简单的方法是创建一个带有每次调用的验证信息一个特殊的头和认证/授权用户这样

The simple way is to create a special header that carries the auth info for every call and authenticate/authorize the user that way

下面是一些示例code：
<一href=\"http://aspalliance.com/805%5FSoap%5FHeaders%5FAuthentication%5Fin%5FWeb%5FServices\">http://aspalliance.com/805_Soap_Headers_Authentication_in_Web_Services

Here's some sample code: http://aspalliance.com/805_Soap_Headers_Authentication_in_Web_Services

请注意，以这种方式您发送明文用户名和密码，这样你想使用SSL或使用某种类型的摘要式身份验证的

Note that in this way you are sending clear text username and password so you would want to use ssl or use some kind of digest authentication

这篇关于ASP.NET Web服务安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！