This article mainly introduces the ASP.net implementation of forms authentication based on the WebService application, example analysis of the use of forms for WebService identity authentication of the relevant skills and implementation methods, the need for friends can refer to the
In asp.net programs where security requirements are not very high, forms based authentication is a common way to use, and if you need to authenticate webservice, the most commonly used is the custom authentication method based on the SOAP header. If you compare the two, it is clear that the forms based authentication is more user-friendly, can you apply forms validation to WebService?
In theory, it is possible to authenticate webservice using the forms-based approach, but the following two problems may exist during use:
1. Forms Based authentication is also a cookie based authentication method, which is not a problem for us to consider when using a browser. But for applications that use WebService, the default is not to save cookies, and we need to do the work ourselves.
2.WebService since it is a A2A (application to application) application, it is obviously not appropriate to use Web Forms for authentication, and this will inevitably result in human-computer interaction, which compromises the WebService application.
Next, we'll step through these two issues:
1.Cookie Save Problem
The WebService client proxy class has a property Cookiecontainer can be used to set or get a cookie collection, and the task of saving cookies is given to him:
System.Net.CookieContainer Cookiecontainer = new System.Net.CookieContainer ();
Myservice.webservice service = new App.MyService.WebService ();
Service. Cookiecontainer = Cookiecontainer;
2. We do not want to use Web forms for authentication, fortunately, ASP. NET form validation, the form page (that is, the loginurl within the forms element in the Web.config file) can also be specified as a WebService file.
We create a Web service that is specifically used for authentication, which is named Login.asmx, and then loginurl equals "login.asmx," and of course, you need to disable anonymous access in the authorization section of the Web.config file ( Otherwise we'll be in vain. The Web.config file after the configuration is completed as follows:
?
1 2 3 4 5 6 7 8 9 10 11-12 |
<?xml version= "1.0" encoding= "Utf-8"?> <configuration> <system.web> <compilation debug= "false"/ > <authentication mode= "Forms" > <forms name= "myservice" loginurl= "Login.asmx" ></forms> </ authentication> <authorization > <deny users= "?" /> </authorization> </system.web> </configuration> |
In fact, we don't want the browser to turn to Login.asmx without authentication, and the real benefit of using WebService's client programs is that you can access the methods in Login.asmx anonymously ( Of course, we can also put Login.asmx in a separate directory, and then allow anonymous access to the directory to achieve this, but I think it is more elegant with loginurl.
Next, we add the WebMethod for Login.asmx for authentication:
?
1 2 3 4 5 6 7 8 9 10 11 12 13-14 |
[WebMethod] public bool Check (string username,string password) {if (UserName = = "AAAAAA" && password = "123456") Add validation logic {System.Web.Security.FormsAuthentication.SetAuthCookie (UserName, False); return true;} else {return false;}} |
The final step is to have the WebService instance in the client program share Cookiecontainer with the login instance.
?
1 2 3 4 5 6 7 8 9 10 11 12 13 14-15 16 |
Class Sample {System.Net.CookieContainer Cookiecontainer = new System.Net.CookieContainer (); public void Login () {MyServ Icelogin.login Login = new App.MyServiceLogin.Login (); Login. Cookiecontainer = Cookiecontainer; Login. Check ("aaaaaa", "123456"); public void Showhelloworld () {Myservice.webservice service = new App.MyService.WebService (); service. Cookiecontainer = Cookiecontainer; Console.WriteLine (service. HelloWorld ()); } } |
Login () after Showhelloworld (), do you see the familiar "Hello world"? Ok, that's easy!
I hope this article will help you with the C # program.