WebService标头认证 [英] WebService Headers Authentication

问题描述

现在，我已经获得了Web服务身份验证，但是我已经在WebMethod中调用了一个方法，如下所示:

Exactly now, I got my webservice authentication, but i've done this calling a method inside WebMethod, like this:

[WebMethod]
[SoapHeader("LoginSoapHeader")]
public int findNumberByCPF(string cpf)
        {
            try
            {
                LoginAuthentication();
                var retRamal = DadosSmp_Manager.RetornaRamalPorCPF(cpf);
                var searchContent= String.Format("CPF[{0}]", cpf);
                DadosSmp_Manager.insertCallHistory(retRamal, searchContent);

                return retRamal.Ramal;
            }
            catch (Exception ex)
            {
                Log.InsertQueueLog(Log.LogType.Error, ex);
                throw getException(ex.TargetSite.Name, cpf);
            }
        }

我现在想仅使用代码上方的SOAP标头-SoapHeader("LoginSoapHeader")来验证此WebMethod，而无需调用"LoginAuthentication()"方法.

I want now to authenticate this WebMethod without call the "LoginAuthentication()" method, only using the SOAP Header - SoapHeader("LoginSoapHeader") - that is above inside the code.

然后，我的问题是如何仅使用标头对WebMethod进行身份验证?

Then, my question is how can I authenticate my WebMethod only using headers?

谢谢.

推荐答案

要求是Web服务客户端在访问Web方法时必须提供用户名和密码.

The requirement is the web service client has to provide with username and password while accessing the web methods.

我们将使用自定义的Soap标头而不是http标头

We're going to achieve this using custom soap headers not the http headers

.NET框架允许您通过从SoapHeader类派生来创建自定义SOAP标头，因此我们想添加用户名和密码

The .NET framework lets you create custom SOAP headers by deriving from the SoapHeader class, so we wanted to add a username and password

using System.Web.Services.Protocols;

public class AuthHeader : SoapHeader
{
 public string Username;
 public string Password;
}

要强制使用新的SOAP Header，我们必须在方法中添加以下属性

To force the use of our new SOAP Header we have to add the following attribute to the method

[SoapHeader ("Authentication", Required=true)]

在.cs中包含类名称

public AuthHeader Authentication;


[SoapHeader ("Authentication", Required=true)]
[WebMethod (Description="WebMethod authentication testing")]
public string SensitiveData()
{

//Do our authentication
//this can be via a database or whatever
if(Authentication.Username == "userName" && 
            Authentication.Password == "pwd")
{
   //Do your thing
   return "";

}
else{
   //if authentication fails
   return null;
 }            
}

我们在SOAP请求中使用soap:Header元素进行身份验证，不要误解与请求一起发送的HTTP标头. SOAP请求类似于:

we authenticate using the soap:Header element in a SOAP request,don't misunderstand the HTTP headers sent with the request. The SOAP request looks something like:

 <?xml version="1.0" encoding="utf-8"?>
 <soap:Envelope  xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
 <soap:Header>
   <AUTHHEADER xmlns="http://tempuri.org/">
     <USERNAME>string</USERNAME>
     <PASSWORD>string</PASSWORD>
   </AUTHHEADER>
 </soap:Header>
   <soap:Body>
     <SENSITIVEDATA xmlns="http://tempuri.org/" />
   </soap:Body>
</soap:Envelope>

这篇关于WebService标头认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！