Web服务soap头认证 [英] Web service soap header authentication

问题描述

我有一个网络服务，我想从肥皂头验证用户.也就是说，我想检查soap标头中的令牌ID(随机数)并根据我的数据库中的值验证它，如果数字匹配，我允许请求通过，否则我不想允许执行我的网络方法.

I have a web service, i want to authenticate the user from the soap header. That is, i want to check a token id (random number) in soap header and validate it against a value in my database and if the number matches i allow the request to go through otherwise i dont want to allow execution of my web method.

有没有使用 SOAP 标头的干净方法?

Is there any clean way of doing it using SOAP headers?

谢谢，

Mrinal Jaiswal

Mrinal Jaiswal

推荐答案

你看过 WS-安全?假设您还没有将它用于其他用途，您可以在 Username 元素等中携带您的令牌.

Have you looked into WS-Security? Assuming you're not already using it for something else, you could carry your token in the Username element, etc.

<?xml version="1.0"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
        <wsse:Username>yourusername</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">yourpassword</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <yourbodygoeshere>
  </soapenv:Body>
</soapenv:Envelope>

这篇关于Web服务soap头认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！