如何保护Web服务中的方法 [英] how to protect the methods in webservices

问题描述

大家好，

我对Web服务有一个疑问，如果我有7种方法的服务，我必须在我的客户添加Web引用时只给我的客户3种方法，应该添加所有7种方法，但他只能使用3种方法.我该怎么办这个.

问候，
S.Inayat Basha.

Hi All,

i have one doubt regarding webservices,if i have a service with 7 methods,i have to give only 3 methods to my client when he add web reference all 7 methods should be add but he able to use only 3 methods.how can i do this.

Regards,
S.Inayat Basha.

推荐答案

如果方法从不 publicallt可用，那么您可能做错了这一点:它不应该放在完全是Web服务，但在较低的体系结构层(例如，对象模型)中.如果必须执行此操作，请不要使用WebMethod属性(对于Vanilla WS)或 WCF的OperationContract .

如果您不希望用户a使用这些方法，但用户b使用这些方法，则应使用安全性来做到这一点.合同将相同，但用户a将无法使用它们

最后，如果您确实不希望用户a(但您确实希望用户b)将其包含在他们的代理中，则您必须公开一个单独的网络服务(更简便)，或者您将不得不做一些非常底层的工作来拦截代理生成过程，这将是相当复杂的工作.最后一点建议我不确定(我从来没有做过)，但我认为这是可能的.

If the methods are neverpublicallt available, you are probably doing this incorrectly: it should not be in the Webservice at all, but in a lower architectural layer (e.g. the Object Model).If you must do this, don''t decorate the method with the WebMethod attribute (for Vanilla WS) or OperationContract for WCF.

If you don''t want the methods available to user a, but available to user b, you should use security to do this. The contracts will be the same, but user a will not be able to use them

Finally, if you really don''t want user a (but you do for user b) to have them in their proxy, you have to either expose a separate web-service (easier) or you''ll have to do some pretty low-level work to intercept the proxy generation process, which will be fairly complicated work. This last suggestion I''m not at all sure about (I''ve never had to do this) but I think it will be possible.

以下是Windows身份验证的链接Web服务

此处 [ ^ ]

Here is the link for Windows authentication for Webservices

Here[^]

这篇关于如何保护Web服务中的方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！