Web服务肥皂头认证 [英] Web service soap header authentication
问题描述
我有一个Web服务,我想从soap标头中对用户进行身份验证.也就是说,我要检查soap标头中的令牌ID(随机数),并针对我数据库中的值对其进行验证,如果该数字匹配,我将允许请求通过,否则,我将不允许执行我的Web方法.
I have a web service, i want to authenticate the user from the soap header. That is, i want to check a token id (random number) in soap header and validate it against a value in my database and if the number matches i allow the request to go through otherwise i dont want to allow execution of my web method.
是否有使用SOAP标头的干净方法?
Is there any clean way of doing it using SOAP headers?
谢谢
Minal Jaiswal
Mrinal Jaiswal
推荐答案
您是否研究过 WS -安全性?假设您尚未将其用于其他用途,则可以将令牌携带在Username元素中,等等.
Have you looked into WS-Security? Assuming you're not already using it for something else, you could carry your token in the Username element, etc.
<?xml version="1.0"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
<wsse:Username>yourusername</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">yourpassword</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<yourbodygoeshere>
</soapenv:Body>
</soapenv:Envelope>
这篇关于Web服务肥皂头认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!