Web 服务soap 标头身份验证 [英] Web service soap header authentication
问题描述
我有一个 Web 服务,我想从soap 标头验证用户.也就是说,我想检查soap标头中的令牌ID(随机数)并根据我的数据库中的值验证它,如果数字匹配,我允许请求通过,否则我不想允许执行我的网络方法.
I have a web service, i want to authenticate the user from the soap header. That is, i want to check a token id (random number) in soap header and validate it against a value in my database and if the number matches i allow the request to go through otherwise i dont want to allow execution of my web method.
是否有使用 SOAP 标头执行此操作的干净方法?
Is there any clean way of doing it using SOAP headers?
谢谢,
Jaiswal 先生
推荐答案
你有没有研究过 WS-安全?假设您尚未将其用于其他用途,您可以在 Username 元素等中携带您的令牌.
Have you looked into WS-Security? Assuming you're not already using it for something else, you could carry your token in the Username element, etc.
<?xml version="1.0"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
<wsse:Username>yourusername</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">yourpassword</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<yourbodygoeshere>
</soapenv:Body>
</soapenv:Envelope>
这篇关于Web 服务soap 标头身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!