Asp. NET implementation of WebService application example based on forms authentication

Source: Internet
Author: User
Tags anonymous config

This article mainly introduces the ASP.net implementation of forms authentication based on the WebService application, example analysis of the use of forms for WebService identity authentication of the relevant skills and implementation methods, the need for friends can refer to the

In asp.net programs where security requirements are not very high, forms based authentication is a common way to use, and if you need to authenticate webservice, the most commonly used is the custom authentication method based on the SOAP header. If you compare the two, it is clear that the forms based authentication is more user-friendly, can you apply forms validation to WebService?

In theory, it is possible to authenticate webservice using the forms-based approach, but the following two problems may exist during use:

1. Forms Based authentication is also a cookie based authentication method, which is not a problem for us to consider when using a browser. But for applications that use WebService, the default is not to save cookies, and we need to do the work ourselves.

2.WebService since it is a A2A (application to application) application, it is obviously not appropriate to use Web Forms for authentication, and this will inevitably result in human-computer interaction, which compromises the WebService application.

Next, we'll step through these two issues:

1.Cookie Save Problem

The WebService client proxy class has a property Cookiecontainer can be used to set or get a cookie collection, and the task of saving cookies is given to him:

System.Net.CookieContainer Cookiecontainer = new System.Net.CookieContainer ();

Myservice.webservice service = new App.MyService.WebService ();

Service. Cookiecontainer = Cookiecontainer;

2. We do not want to use Web forms for authentication, fortunately, ASP. NET form validation, the form page (that is, the loginurl within the forms element in the Web.config file) can also be specified as a WebService file.

We create a Web service that is specifically used for authentication, which is named Login.asmx, and then loginurl equals "login.asmx," and of course, you need to disable anonymous access in the authorization section of the Web.config file ( Otherwise we'll be in vain. The Web.config file after the configuration is completed as follows:

?

1 2 3 4 5 6 7 8 9 10 11-12 <?xml version= "1.0" encoding= "Utf-8"?> <configuration> <system.web> <compilation debug= "false"/ > <authentication mode= "Forms" > <forms name= "myservice" loginurl= "Login.asmx" ></forms> </ authentication> <authorization > <deny users= "?" /> </authorization> </system.web> </configuration>

In fact, we don't want the browser to turn to Login.asmx without authentication, and the real benefit of using WebService's client programs is that you can access the methods in Login.asmx anonymously ( Of course, we can also put Login.asmx in a separate directory, and then allow anonymous access to the directory to achieve this, but I think it is more elegant with loginurl.

Next, we add the WebMethod for Login.asmx for authentication:

?

1 2 3 4 5 6 7 8 9 10 11 12 13-14 [WebMethod] public bool Check (string username,string password) {if (UserName = = "AAAAAA" && password = "123456") Add validation logic {System.Web.Security.FormsAuthentication.SetAuthCookie (UserName, False); return true;} else {return false;}}

The final step is to have the WebService instance in the client program share Cookiecontainer with the login instance.

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14-15 16 Class Sample {System.Net.CookieContainer Cookiecontainer = new System.Net.CookieContainer (); public void Login () {MyServ Icelogin.login Login = new App.MyServiceLogin.Login (); Login. Cookiecontainer = Cookiecontainer; Login. Check ("aaaaaa", "123456"); public void Showhelloworld () {Myservice.webservice service = new App.MyService.WebService (); service. Cookiecontainer = Cookiecontainer; Console.WriteLine (service. HelloWorld ()); } }

Login () after Showhelloworld (), do you see the familiar "Hello world"? Ok, that's easy!

I hope this article will help you with the C # program.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.