[Original] IssueVision Learning Notes (I): Using SoapHeader to Pass Custom Authentication Data to Web Services

Source: Internet
Author: User
When invoking web services, authentication is often required so that only authenticated users can call the methods of your web services. You could add parameters to every web service method that requires a custom authentication scheme, but that takes a lot of effort. IssueVision uses a very common and efficient method instead: it uses SoapHeader to deliver the custom authentication data.

SoapHeader provides a way to pass data to or from a web service method when that data is not directly related to the method's main function. Instead of adding parameters to each web service method that requires a custom authentication scheme, you can apply a SoapHeaderAttribute that references a class derived from SoapHeader to each such method. The implementation of the class derived from SoapHeader handles the custom authentication scheme. IssueVision uses SoapHeader in exactly this way to deliver custom authentication data.

Let's take a look at how to use SoapHeader to pass data.

1. First, define a class derived from SoapHeader in the service to represent the data passed in the SOAP header.
IssueVision does this in the IssueVisionWeb project (the project that publishes the web services) by creating the CredentialSoapHeader class.

CredentialSoapHeader.cs

using System.Web.Services.Protocols;

namespace IssueVision.Web
{
    // Custom SOAP header that carries the caller's credentials
    public class CredentialSoapHeader : SoapHeader
    {
        private string m_username;
        private string m_password;

        public string Username
        {
            get { return m_username; }
            set { m_username = value; }
        }

        public string Password
        {
            get { return m_password; }
            set { m_password = value; }
        }
    }
}

2. Declare a public member of that type on the service so that the SoapHeader is exposed in the public contract of the web service and can be used by clients when the proxy is generated.

IssueVision's web service, IssueVisionServices.asmx, is implemented this way.

IssueVisionServices.asmx code fragment:

public class IssueVisionServices : WebService
{
    ...
    private CredentialSoapHeader m_credentials;

    // custom SOAP header to pass credentials
    public CredentialSoapHeader Credentials
    {
        get { return m_credentials; }
        set { m_credentials = value; }
    }
    .......
}

3. Apply the SoapHeader custom attribute to each WebMethod in the service that should use the header; the attribute names the member that holds it. (Headers are required by default, but optional headers can also be defined.)

IssueVisionServices.asmx code fragment:

....
[WebMethod(Description="Returns the lookup tables for IssueVision.")]
[SoapHeader("Credentials")]
public IVDataSet GetLookupTables()
{
    // reject the call unless the SOAP header carries valid credentials
    SecurityHelper.VerifyCredentials(this);
    return new IVData().GetLookupTables();
}

The VerifyCredentials method of the SecurityHelper class reads the custom authentication credentials (such as user name and password) from the SoapHeader class of the web service and checks them.

The SecurityHelper.cs code fragment is as follows:

// Needs: using System; using System.Data; using System.Data.SqlClient;
//        using System.Web.Services.Protocols;

// verifies the client's credentials
public static void VerifyCredentials(IssueVisionServices service)
{
    // If there is no authentication information, throw a SoapException so that
    // the web method cannot be called anonymously.
    if (service.Credentials == null || service.Credentials.Username == null || service.Credentials.Password == null)
    {
        EventLogHelper.LogFailureAudit("A login is attempted with missing credential information.");
        throw new SoapException(string.Empty, SoapException.ClientFaultCode, "security");
    }

    string password = Authenticate(service.Credentials);
}

// authenticates a user's credentials passed in a custom SOAP header
private static string Authenticate(CredentialSoapHeader header)
{
    DataSet dataSet = new DataSet();
    string dbPasswordHash;

    try
    {
        SqlConnection conn = new SqlConnection(Common.ConnectionString);
        SqlCommand cmd = new SqlCommand("GetUser", conn);
        cmd.Parameters.Add("@UserName", header.Username);
        cmd.CommandType = CommandType.StoredProcedure;
        SqlDataAdapter da = new SqlDataAdapter(cmd);
        da.Fill(dataSet);
    }
    catch (Exception ex)
    {
        EventLogHelper.LogFailureAudit(string.Format("The GetUser stored procedure encounted a problem: {0}", ex.ToString()));
        throw new SoapException(string.Empty, SoapException.ServerFaultCode, "Database");
    }

    // does the user exist?
    if (dataSet.Tables[0].Rows.Count == 0)
    {
        EventLogHelper.LogFailureAudit(string.Format("The username {0} does not exist.", header.Username));
        throw new SoapException(string.Empty, SoapException.ClientFaultCode, "security");
    }
    else
    {
        // we found the user, verify the password hash by comparing the Salt + PasswordHash
        DataRow dataRow = dataSet.Tables[0].Rows[0];
        dbPasswordHash = (string)dataRow["PasswordHash"];
        string dbPasswordSalt = (string)dataRow["PasswordSalt"];

        // create a hash based on the user's salt and the input password
        string passwordHash = HashString(dbPasswordSalt + header.Password);

        // does the computed hash match the database hash?
        if (string.Compare(dbPasswordHash, passwordHash) != 0)
        {
            EventLogHelper.LogFailureAudit(string.Format("The password for the username {0} is incorrect.", header.Username));
            throw new SoapException(string.Empty, SoapException.ClientFaultCode, "security");
        }
    }

    return dbPasswordHash;
}

4. Finally, the client must set the header directly on the proxy class before invoking a method that requires the header.

On the IssueVision smart client side, the WebServicesLayer class invokes this web service.

The WebServicesLayer.cs code fragment is as follows:

private static IssueVisionServices GetWebServiceReference(string username, string password)
{
    IssueVisionServices dataService = new IssueVisionServices();

    // <ReplaceWithWse>
    CredentialSoapHeader header = new CredentialSoapHeader();
    header.Username = username;
    header.Password = password;
    // the generated proxy exposes the header as <HeaderType>Value
    dataService.CredentialSoapHeaderValue = header;
    // </ReplaceWithWse>

    InitWebServiceProxy(dataService);

    return dataService;
}

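The steps above are all that is needed to implement custom authentication for web services. IssueVision contains many related operations, but because this note only discusses the use of SoapHeader, they are not listed here. Note that the header is sent as plain XML inside the SOAP envelope, so the user name and password are readable in transit unless the transport or the message is encrypted (for example, by calling the service over HTTPS).
That is all I have seen so far; discussion and new points of view are welcome.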
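
As an added example (not IssueVision's code and not from the original post), here is one way to do the salt-and-hash comparison that Authenticate performs in step 3, with PBKDF2 in place of the HashString helper, which this page does not show, and a fixed-time byte comparison in place of String.Compare. PasswordCheck, the iteration count and the Base64 storage of the PasswordSalt and PasswordHash values are assumptions; the Rfc2898DeriveBytes constructor used here needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Security.Cryptography;

// Added example, not IssueVision code. PasswordCheck, the iteration count and
// the Base64 storage format are assumptions made for illustration.
public static class PasswordCheck
{
    private const int Iterations = 100000; // assumed work factor
    private const int HashBytes = 32;

    // Salted, deliberately slow hash (PBKDF2-HMAC-SHA256).
    public static byte[] Hash(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
        {
            return kdf.GetBytes(HashBytes);
        }
    }

    // Touches every byte, so timing does not reveal where the first mismatch is.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++)
        {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    // True only when the supplied password reproduces the stored hash.
    public static bool Verify(string password, string saltB64, string hashB64)
    {
        if (password == null || saltB64 == null || hashB64 == null) return false;
        byte[] salt = Convert.FromBase64String(saltB64);
        return FixedTimeEquals(Convert.FromBase64String(hashB64), Hash(password, salt));
    }

    public static void Main()
    {
        // Constructed sample record standing in for the PasswordSalt / PasswordHash columns.
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(salt); }
        string saltB64 = Convert.ToBase64String(salt);
        string hashB64 = Convert.ToBase64String(Hash("correct horse", salt));
        Console.WriteLine(Verify("correct horse", saltB64, hashB64));
        Console.WriteLine(Verify("wrong guess", saltB64, hashB64));
    }
}
```

In VerifyCredentials, a false result from Verify would lead to the same SoapException with the client fault code that the original code throws for a wrong password.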

Copyright © yellowwee 2004. All rights reserved.


