ASP. NET implements web service application instances based on Forms authentication

ASP. NET implements web service application instances based on Forms authentication

This article mainly introduces ASP. NET to implement WebService applications based on Forms authentication. The example analyzes the skills and implementation methods for WebService identity authentication using Forms. For more information, see

ASP. in the. Net program, Forms-based authentication is often used, the most common method is custom authentication based on the Soap header. If we compare the two, it is clear that Forms-based authentication is more convenient and easy to use. Can we apply Forms authentication to WebService?

Theoretically, it is feasible to use Forms-based authentication for WebService. However, the following two problems may occur during use:

1. Forms-based authentication is also a Cookie-based authentication method. When using a browser, this issue does not need to be considered. However, for applications that use WebService, Cookies cannot be saved by default. We need to do this ourselves.

2. since WebService is an A2A (Application To Application) Application, it is obviously inappropriate To use Web forms for identity authentication, and this will inevitably lead To human-computer interaction, this severely compromises the application of WebService.

Next, we will solve these two problems step by step:

1. Cookie storage problems

The client proxy class of WebService has a property CookieContainer that can be used to set or obtain a Cookie set. The task of saving the Cookie is handed over to him:

System. Net. CookieContainer cookieContainer = new System. Net. CookieContainer ();

MyService. WebService service = new App. MyService. WebService ();

Service. CookieContainer = cookieContainer;

2. we don't want to use Web forms for authentication. Fortunately, ASP.. Net Form validation table single page (Web. the loginUrl in the forms element in the config file can also be specified as a WebService file.

We create a Web service dedicated for identity authentication and name it Login. asmx, and then make loginUrl equal to "Login. asmx ", of course, also need to be in the Web. in the authorization section of the config file, prohibit Anonymous Access (otherwise we will be busy. the config file is as follows:

?

1 2 3 4 5 6 7 8 9 10 11 12

<? Xml version = "1.0" encoding = "UTF-8"?> <Configuration> <System. web> <Compilation debug = "false"/> <Authentication mode = "Forms"> <Forms name = "MyService" loginUrl = "Login. asmx"> </forms> </Authentication> <Authorization> <Deny users = "? "/> </Authorization> </System. web> </Configuration>

In fact, we do not want to turn the browser to Login without passing authentication. the real benefit of asmx for WebService client programs is: Anonymous Access to Login. methods In asmx (of course, we can also put Login. asmx is placed in a separate directory, and anonymous access to the directory is allowed for this purpose, but I think it is more elegant to use loginUrl ).

Next, we will add a WebMethod for identity authentication for Login. asmx:

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14

[WebMethod] Public bool Check (string userName, string password) { If (userName = "aaaaaa" & password = "123456 ") // Add verification Logic { System. Web. Security. FormsAuthentication. SetAuthCookie (userName, false ); Return true; } Else { Return false; } }

The last step is to share the CookieContainer with the WebService instance in the client program with the Login instance.

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

Class Sample { System. Net. CookieContainer cookieContainer = new System. Net. CookieContainer (); Public void Login () { MyServiceLogin. Login login = new App. MyServiceLogin. Login (); Login. CookieContainer = cookieContainer; Login. Check ("aaaaaa", "123456 "); } Public void ShowHelloWorld () { MyService. WebService service = new App. MyService. WebService (); Service. CookieContainer = cookieContainer; Console. WriteLine (service. HelloWorld ()); } }

After Login () and then ShowHelloWorld (), do you see the familiar "Hello World "? OK, that's easy!

I hope this article will help you with C # programming.