Web 服务soap 标头身份验证 [英] Web service soap header authentication

问题描述

我有一个 Web 服务，我想从soap 标头验证用户.也就是说，我想检查soap标头中的令牌ID(随机数)并根据我的数据库中的值验证它，如果数字匹配，我允许请求通过，否则我不想允许执行我的网络方法.

I have a web service, i want to authenticate the user from the soap header. That is, i want to check a token id (random number) in soap header and validate it against a value in my database and if the number matches i allow the request to go through otherwise i dont want to allow execution of my web method.

是否有使用 SOAP 标头执行此操作的干净方法?

Is there any clean way of doing it using SOAP headers?

谢谢，

Jaiswal 先生

推荐答案

你有没有研究过 WS-安全?假设您尚未将其用于其他用途，您可以在 Username 元素等中携带您的令牌.

Have you looked into WS-Security? Assuming you're not already using it for something else, you could carry your token in the Username element, etc.

<?xml version="1.0"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
        <wsse:Username>yourusername</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">yourpassword</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <yourbodygoeshere>
  </soapenv:Body>
</soapenv:Envelope>

这篇关于Web 服务soap 标头身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！