WebService: Use the SOAP header to customize authentication and authorization

Windows authentication is very suitable for the Intranet solution. In this case, you verify the identity of users in your own domain. However, on the internet, you may need to perform custom authentication and authorization on the SQL database. In this case, you should pass custom creden。 (such as usernames and passwords) to the service and allow the Service to handle authentication and authorization.

An easy way to pass additional information together with the request to the XML Web Service is through the SOAP header. Therefore, you need to defineSoapheaderThen declare the public fields of the service as this type. This is made public in the public contract of the Service and can be used by the client when a proxy is created from webserviceutil.exe, as shown in the following example:

Using system. web. services; using system. web. services. protocols; // authheader class extends from soapheaderpublic class authheader: soapheader {Public String username; Public String password;} public class headerservice: WebService {public authheader sheader ;...} Imports system. web. servicesimports system. web. services. protocols 'authheader class extends from soapheaderpublic class authheader: inherits soapheader public username as string public password as stringend classpublic class headerservice: inherits WebService public sheader as authheader... end Class Import system. web. services; import system. web. services. protocols; // authheader class extends from soapheaderpublic class authheader extends soapheader {public var Username: string; Public var password: string;} public class headerservice extends WebService {public var sheader: authheader ;...}
C #

EachWebmethodAll can be usedSoapheaderCustom Attributes define a set of associated headers. By default, headers are required, but optional headers can also be defined.SoapheaderAttribute specifies the name of a public field orClientOrServerClass attributes (calledHeadersAttribute ). Before calling a method for the input header,WebServiceSetHeadersAttribute value. When the method returns an output header,WebServiceSearch for this value. For more information about the output or optional headers, see. NET Framework SDK documentation.

[webmethod (description = "This method requires a custom SOAP header set by the caller ")] [soapheader ("sheader")] Public String securemethod () {If (sheader = NULL) Return "error: Please supply credentials"; else return "User:" + sheader. username ;} Public Function securemethod () as string if (sheader is nothing) Return "error: Please supply credentials" else return "User:" & sheader. username end ifend function webmethodattrires (description =" This method requires a custom SOAP header set by the caller ") soapheaderattribute (" sheader ") Public String securemethod () {If (sheader = NULL) return "error: Please supply credentials"; else return "User:" + sheader. username ;}
C #

Then, the client directly sets the header on the proxy class before calling the method that requires the header, as shown in the following example:

headerservice H = new headerservice (); authheader myheader = new authheader (); myheader. username = "johndoe"; myheader. password = "password"; H. authheader = myheader; string result = H. securemethod (); dim h as new headerservicedim myheader as new authheadermyheader. username = "johndoe" myheader. password = "password" H. authheader = myheaderdim result as string = H. securemethod () var H: headerservice = new headerservice (); var myheader: authheader = new authheader (); myheader. username = "johndoe"; myheader. password = "password"; H. authheader = myheader; var result: String = H. securemethod ();
C #