限制对不同请求的C#Web服务中的Web方法的访问? [英] Limiting Access to webmethods in a C# webservice for different requests????

问题描述

大家好，

我们正在提供一个包含10种Web方法的C#Web服务，它将把不同的数据返回给客户端...

我想通过不同的方法集将Web方法的访问限制为不同的客户端....


例如，我编写了名为A，B，C，D，E，F，G，H，I，J的Web方法.


客户A-B，D，F，G
等级B-A，B，C，D，E，F，G，I
客户C-A，B，C，D，E，F，G，H，I，J

在当前情况下，我们拥有200多个客户端和500多种Web方法....

我该怎么办??

我可以使用数据库驱动的机制来实现这一目标吗?如果可能的话如何?

我已经使用SOAPHEADER对所有用户进行身份验证了....我有一个像客户端主服务器这样的SQL表，它将为请求的客户端提供IP地址以对请求进行身份验证....


在此先感谢...

Hello All,

We are giving a c# webservice which contains 10 webmethods which will return different data to clients...

I want to restrict the access of web methods to different clients with diffrent set of methods....


For example I have written webmethods named A,B,C,D,E,F,G,H,I,J


Client A - B,D,F,G
Clent B - A,B,C,D,E,F,G,I
Client C - A,B,C,D,E,F,G,H,I,J

In current scenario, We are having more than 200 clients and more than 500 web methods....

How can i do this???

Can I use database driven mechanism to achieve this? If possible how?

I have already used SOAPHEADER to authenticate all users.... I have a SQL table like client master which will give the IP address for the requesting client to authenticate the request....


Thanks in advance...

推荐答案

您已经在这里回答了自己的问题...

您已经在进行用户身份验证，因此只需更新数据库，以使您具有类似于以下内容的表:

用户ID，WebMethodID

使用每个客户端及其批准的Web方法的相关详细信息填充此表，每个客户端/Web方法对一个条目.

更新您的网络方法，使其仅在客户端/网络方法对被授权的情况下才起作用...像这样:

You''ve just about answered your own question here...

You already have user authentication happening, so simply update your database so that you have a table similar to this:

UserID, WebMethodID

Populate this table with relevant details for each client and their approved webmethods, one entry per client/webmethod pair.

Update your webmethods so that they only work if the client/webmethod pair is authorised... something like this:

if isAuthorised(ClientID, WebmethodID) then

' do the webmethod stuff here

endif

private function isAuthorised(byval ClientID as integer, byval WebmethodID as integer) as boolean
' Make a call to the database to check for the ClientID/Webmethod pair

if FOUND_IN_DATABASE then
  isAuthorised = true
else
  isAuthorised = false
endif
end function

您总是可以放一些逻辑上找到客户端并根据客户端发回的响应.可能是客户端A的IP范围，对于客户端B的另一个IP范围...如果A正在请求，则允许B，D，F，G进行响应.您可以根据需要在服务层或Db层中编写此逻辑.

但我建议进行3项服务...分别为客户A，B和A提供1项服务C .为什么要把它们全部结合在一起?您可以轻松地进行维护，并且如果需要还可以具有不同类型的安全级别！

You can always put some logic to find the client and based on the client sent back the response. Might be an IP range for client A, another for B ... if A is requesting then allow B,D,F,G to response back. This logic can be written in service layer or Db layer where ever you like.

But i would suggest, make 3 services... 1 each for client A, B & C. Why to club them all? It would be easy for you to maintain and can also have different types of security level if needed!

您可以添加一个入口方法，该方法将在每次调用任何Web方法时都将被调用:

a()
{
if(entry()){
}
其他
{
返回;
}
}

b()
{
if(entry()){
}
其他
{
返回;
}
}

等

此方法可以查找用户访问权限，并确定是否允许用户访问Web方法.

you could add an entry method that will be called each time any of the webmethods are called :

a()
{
if(entry()){
}
else
{
return ;
}
}

b()
{
if(entry()){
}
else
{
return ;
}
}

etc

this method can look up the user access rights and determine if the user is allowed access to the webmethod or not.

这篇关于限制对不同请求的C#Web服务中的Web方法的访问?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！