Web服务肥皂头认证 [英] Web service soap header authentication

问题描述

我有一个Web服务，我想从soap标头中对用户进行身份验证.也就是说，我要检查soap标头中的令牌ID(随机数)，并针对我数据库中的值对其进行验证，如果该数字匹配，我将允许请求通过，否则，我将不允许执行我的Web方法.

I have a web service, i want to authenticate the user from the soap header. That is, i want to check a token id (random number) in soap header and validate it against a value in my database and if the number matches i allow the request to go through otherwise i dont want to allow execution of my web method.

是否有使用SOAP标头的干净方法?

Is there any clean way of doing it using SOAP headers?

谢谢

Minal Jaiswal

Mrinal Jaiswal

推荐答案

您是否研究过 WS -安全性?假设您尚未将其用于其他用途，则可以将令牌携带在Username元素中，等等.

Have you looked into WS-Security? Assuming you're not already using it for something else, you could carry your token in the Username element, etc.

<?xml version="1.0"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
        <wsse:Username>yourusername</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">yourpassword</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <yourbodygoeshere>
  </soapenv:Body>
</soapenv:Envelope>

这篇关于Web服务肥皂头认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！