WebService authentication

http://blog.csdn.net/largestone_187/article/details/5734632

经过SoapHeader对用户口令进行验证，只有受权的用户才可使用接口。确保了访问接口用户的安全性。

 

public MySoapHeader myHeader = new MySoapHeader();

    public SoapHeaderService()
    {

        //Uncomment the following line if using designed components
        //InitializeComponent();
    }
    //普通方法，不须要SoapHeader验证 
    [WebMethod(Description = "普通方法不须要验证")]
    public string HelloWorld(string msg) {
        if (msg == "")
            msg = "default message:" + "Hello World";
        else
            msg = "The message you have input is " + msg;   
        return msg;
    }
    //须要SoapHeader验证 
    [SoapHeader("myHeader")]
    [WebMethod(Description="须要SoapHeader验证  ", EnableSession = true)]
    public string GetSecurityService(string inmsg)     
    {         
        string msg = "";         
        //验证是否有权访问         
        if (!myHeader.IsValid(out  msg))         
        {             
            return msg;//返回错误信息         
        }
        inmsg = "Security Message: " + inmsg;
        return inmsg;     
    } 

SoapHeader验证，本文未链接数据库，仅仅将验证写死了，须要的能够本身改。

 

public class MySoapHeader:System.Web.Services.Protocols.SoapHeader
{
    private string _UserID = string.Empty;
    private string _PassWord = string.Empty; 
 
    public MySoapHeader()
 {
  //
  // TODO: Add constructor logic here
  //
 }
    //<param name="nUserID">用户ID</param>     
    //<param name="nPassWord">加密后的密码</param>     
    public MySoapHeader(string nUserID, string nPassWord)     
    {         
        Initial(nUserID, nPassWord);     
    } 
    #region 属性     
    //<summary>      //用户名      //</summary>     
    public string UserID     
    {         
        get { return _UserID; }         
        set { _UserID = value; }     
    }     
    //<summary>     
    //加密后的密码     
    //</summary>     
    public string PassWord     
    {         
        get { return _PassWord; }         
        set { _PassWord = value; }     
    }             
    #endregion     
    #region 方法     
    //<summary>     
    //初始化     
    //</summary>     
    //<param name="nUserID">用户ID</param>     
    //<param name="nPassWord">加密后的密码</param>     
    private void Initial(string nUserID, string nPassWord)     
    {         
        UserID = nUserID;         
        PassWord = nPassWord;     
    }     
    //<summary>     
    //验证用户名密码是否正确     
    //</summary>     
    //<param name="nUserID">用户ID</param>     
    //<param name="nPassWord">加密后的密码</param>     
    //<param name="nMsg">返回的错误信息</param>     
    //<returns>用户名密码是否正确</returns>     
    private bool IsValid(string nUserID, string nPassWord, out string nMsg)     
    {         
        nMsg = "";         
        try        
        {             
            //判断用户名密码是否正确              
            if (nUserID == "admin" && nPassWord == "admin")             
            {                 
                return true;
            }             
            else            
            {                 
                nMsg = "对不起，你无权调用此Web服务。";                 
                return false;             
            }         
        }          catch        
        {             
            nMsg = "对不起，你无权调用此Web服务。";             
            return false;          }     
        }     
    //<summary>     
    //验证用户名密码是否正确     
    //</summary>      //<returns>用户名密码是否正确</returns>     
    public bool IsValid(out string nMsg)     
    {         
        return IsValid(_UserID, _PassWord, out nMsg);     
    }     
    #endregion 

}

SoapHeaderWS.SoapHeaderService shService = new SoapHeaderWS.SoapHeaderService();
SoapHeaderWS.MySoapHeader header = new SoapHeaderWS.MySoapHeader();
header.UserID = "admin";
header.PassWord = "admin";
shService.MySoapHeaderValue = header;
string outmsg = shService.GetSecurityService("测试安全控制Web Service成功！");
Label1.Text = outmsg;