Custom SOAP Message Header

For WebService calls, to verify the identity of the caller, you can customize a SoapHeader so that the caller can put the identity information in it and then check it on the server. The specific method is as follows:

1. First define a SoapHeader and use it to pass the identity information:

 
 

  
  
Using System;
  
  
Using System. Web. Services. Protocols;
  
  
 
  
  
Namespace CustomSoap
  
  
{
  
  
/// <Summary>
  
  
/// Customize the SOAP header, derived from SoapHeader
  
  
/// </Summary>
  
  
Public class ServiceHeader: SoapHeader
  
  
{
  
  
/// <Summary>
  
  
/// Define the username field
  
  
/// </Summary>
  
  
Public string Name {get; set ;}
  
  
/// <Summary>
  
  
/// Define the password field
  
  
/// </Summary>
  
  
Public string Pass {get; set ;}
  
  
}
  
  
}
 
 

2. Modify the service method in WebService:

 
 

  
  
Using System;
  
  
Using System. Web. Services;
  
  
Using System. Web. Services. Protocols;
  
  
 
  
  
Namespace CustomSoap
  
  
{
  
  
[WebService (Namespace = "CustomSoap. Test")]
  
  
[WebServiceBinding (ConformsTo = WsiProfiles. BasicProfile1_1)]
  
  
[System. ComponentModel. ToolboxItem (false)]
  
  
Public class Service: System. Web. Services. WebService
  
  
{
  
  
/// <Summary>
  
  
/// Define a ServiceHeader object
  
  
/// </Summary>
  
  
Public ServiceHeader Header {get; set ;}
  
  
 
  
  
/// <Summary>
  
  
/// Service method. Use SoapHeader to mark which Header to use. Here is the Header attribute defined above.
  
  
/// </Summary>
  
  
/// <Returns> </returns>
  
  
[WebMethod]
  
  
[SoapHeader ("Header")]
  
  
Public string Hello ()
  
  
{
  
  
String user = this. Header. Name;
  
  
String pass = this. Header. Pass;
  
  
 
  
  
// You can determine your identity here. the user name and password are dead.
  
  
If (string. Equals (user, "root") & string. Equals (pass, "pass "))
  
  
Return "Hello root ";
  
  
Else
  
  
Return "Login Required ";
  
  
}
  
  
}
  
  
}
 
 

3. The caller must pass the identity information:

 
 

  
  
Public string CallHello ()
  
  
{
  
  
// ServiceProxy is the proxy class generated for Service. asmx.
  
  
Var proxy = new CustomSoap. Remote. ServiceProxy ();
  
  
 
  
  
// Pass the identity information
  
  
Proxy. ServiceHeaderValue = new CustomSoap. Remote. ServiceHeader ();
  
  
Proxy. ServiceHeaderValue. Name = "root ";
  
  
Proxy. ServiceHeaderValue. Pass = "pass ";
  
  
 
  
  
// Call the Remote Method
  
  
Return proxy. Hello ();
  
  
}
 
 

You can call this operation to receive "Hello root". If the user name or password is incorrect, you will receive "Login Required ".

At this time, the SOAP content will change. Capture the package or directly access Service. asmx in the browser? Op = Hello, you can see the request package:

 
 

  
  
POST/Service. asmx HTTP/1.1
  
  
Host: localhost
  
  
Content-Type: text/xml; charset = UTF-8
  
  
Content-Length: length
  
  
SOAPAction: "CustomSoap. Test/Hello"
  
  
 
  
  
<? Xml version = "1.0" encoding = "UTF-8"?>
  
  
<Soap: Envelope xmlns: xsi = "The http://www.w3.org/2001/XMLSchema-instance" xmlns: xsd = "The http://www.w3.org/2001/XMLSchema" xmlns: soap = "The http://schemas.xmlsoap.org/soap/envelope/">
  
  
<! -- The Header is added here, And the content is our custom ServiceHeader -->
  
  
<Soap: Header>
  
  
<ServiceHeader xmlns = "CustomSoap. Test">
  
  
<Name> string </Name>
  
  
<Pass> string </Pass>
  
  
</ServiceHeader>
  
  
</Soap: Header>
  
  
<! -- END -->
  
  
<Soap: Body>
  
  
<Hello xmlns = "CustomSoap. Test"/>
  
  
</Soap: Body>
  
  
</Soap: Envelope>
 
 

In addition, for WebService, it is plain text SOAP communication, so you need to consider the solution for security.

 

This article from the rabbit nest blog, please be sure to keep this source http://boytnt.blog.51cto.com/966121/837345