webService的权限控制,该怎么解决
webService的权限控制
webService的权限怎么控制,只要知道你的wsdl就可以访问太不安全了,他的权限要怎么加,希望各位大哥指点一下
------解决方案--------------------
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
///<summary>
/// CredentialSoapHeader 的摘要说明
///</summary>
public class CredentialSoapHeader : System.Web.Services.Protocols.SoapHeader
{
private string _userName;
private string _userPassword;
public CredentialSoapHeader()
{
//
// TODO: 在此处添加构造函数逻辑
//
}
public string UserName
{
get { return _userName; }
set { _userName = value; }
}
public string UserPassword
{
get { return _userPassword; }
set { _userPassword = value; }
}
}
using System;
using System.Web;
using System.Collections;
using System.Web.Services;
using System.Web.Services.Protocols;
///<summary>
/// WebService 的摘要说明
///</summary>
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
public class WebService : System.Web.Services.WebService {
private CredentialSoapHeader m_credentials;
public CredentialSoapHeader Credentails
{
get { return m_credentials; }
set { m_credentials = value; }
}
public WebService () {
//如果使用设计的组件,请取消注释以下行
//InitializeComponent();
}
[WebMethod]
[SoapHeader("Credentails")]
public string HelloWorld()
{
this.VerifyCredential(this);
return "Hello World";
}
//验证是否合法
private void VerifyCredential(WebService s)
{
if (s.Credentails == null || s.Credentails.UserName == null || s.Credentails.UserPassword == null)
{
throw new SoapException("验证失败", SoapException.ClientFaultCode, "Security");
}
else
{
if (s.Credentails.UserName != "test" || s.Credentails.UserPassword != "test")
{
throw new SoapException("用户和密码错误", SoapException.ClientFaultCode, "Security");
}
}
}
}
webService的权限怎么控制,只要知道你的wsdl就可以访问太不安全了,他的权限要怎么加,希望各位大哥指点一下
------解决方案--------------------
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
///<summary>
/// CredentialSoapHeader 的摘要说明
///</summary>
public class CredentialSoapHeader : System.Web.Services.Protocols.SoapHeader
{
private string _userName;
private string _userPassword;
public CredentialSoapHeader()
{
//
// TODO: 在此处添加构造函数逻辑
//
}
public string UserName
{
get { return _userName; }
set { _userName = value; }
}
public string UserPassword
{
get { return _userPassword; }
set { _userPassword = value; }
}
}
using System;
using System.Web;
using System.Collections;
using System.Web.Services;
using System.Web.Services.Protocols;
///<summary>
/// WebService 的摘要说明
///</summary>
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
public class WebService : System.Web.Services.WebService {
private CredentialSoapHeader m_credentials;
public CredentialSoapHeader Credentails
{
get { return m_credentials; }
set { m_credentials = value; }
}
public WebService () {
//如果使用设计的组件,请取消注释以下行
//InitializeComponent();
}
[WebMethod]
[SoapHeader("Credentails")]
public string HelloWorld()
{
this.VerifyCredential(this);
return "Hello World";
}
//验证是否合法
private void VerifyCredential(WebService s)
{
if (s.Credentails == null || s.Credentails.UserName == null || s.Credentails.UserPassword == null)
{
throw new SoapException("验证失败", SoapException.ClientFaultCode, "Security");
}
else
{
if (s.Credentails.UserName != "test" || s.Credentails.UserPassword != "test")
{
throw new SoapException("用户和密码错误", SoapException.ClientFaultCode, "Security");
}
}
}
}