1. Overview:
Web Services are online application services released by enterprises to fulfill their specific business needs. Other companies or application software can access and use this online service through the Internet. It logically provides data and services to other applications. Each application accesses the Web Service through network protocols and some specified standard data formats (Http, XML, Soap), and obtains the required results through internal execution of the Web Service. Since it is called through the Internet, there must be security issues that can be called by network users. How to implement webservice access permission restriction is an important problem faced by webservice users. Below are two solutions to solve the above problems from shallow to deep.
2. A simple method based on the "soapheader" attribute
1." soapheader" Overview
SOAP header provides a method for passing data to XML Web services methods or pass data from XML Web services methods, provided that the data is not directly related to the main functionality of the XML Web services method. In most cases, it is used to transmit user authentication information. Of course, its role is far more than that, and it remains to be discovered in practical applications.
2.soapheader implements user authentication code
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
namespace UserCenter
{
public class MySoapHeader :SoapHeader
{
public string UserName
{
get;
set;
}
public string PWD
{
get;
set;
}
}
/// <summary>
/// MyMath 的摘要说明
/// </summary>
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[System.ComponentModel.ToolboxItem(false)]
// 若要允许使用 ASP.NET AJAX 从脚本中调用此 Web 服务,请取消对下行的注释。
// [System.Web.Script.Services.ScriptService]
public class MyMath : System.Web.Services.WebService
{
public MySoapHeader sHeader;
[WebMethod]
public string HelloWorld()
{
return "Hello World";
}
[WebMethod]
[SoapHeader("sHeader")]
public string add(int x, int y)
{
if (sHeader.UserName == "test" && sHeader.PWD == "test")
{
return (x + y).ToString();
}
else
{
return null;
}
}
}
}3. Disadvantage analysis:
(1) Service logic and user permission verification logic are mixed, increasing the program size Understand complexity.
(2) Permission logic is not reusable
2. Method based on the "SoapExtensionAttribute" feature
1. Overview of SoapExtensionAttribute and SoapExtension
SoapExtension and SoapExtensio. The two Attribute classes are used to control the general process of serialization and deserialization of webservice, and can control functions such as compression and logging of webservice.
2. Implementation code
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
namespace XMLClass1.class15.content
{
[AttributeUsage(AttributeTargets.Method)]
public class MyExtensionAttribute : SoapExtensionAttribute
{
int _priority = 1;
public override int Priority
{
get { return _priority; }
set { _priority = value; }
}
public override Type ExtensionType
{
get { return typeof(MyExtension); }
}
}
public class MyExtension : SoapExtension
{
//这个override的方法会被调用四次
//分别是SoapMessageStage BeforeSerialize,AfterSerialize,BeforeDeserialize,AfterDeserialize
public override void ProcessMessage(SoapMessage message)
{
if (message.Stage == SoapMessageStage.AfterDeserialize)//反序列化之后处理
{
bool check = false;
foreach (SoapHeader header in message.Headers)
{
if (header is MySoapHeader)
{
MySoapHeader myHeader = (MySoapHeader)header;
if (myHeader.Name == "admin" || myHeader.PassWord == "admin")
{
check = true;
break;
}
}
}
if (!check)
throw new SoapHeaderException("认证失败", SoapException.ClientFaultCode);
}
}
public override Object GetInitializer(Type type)
{
return GetType();
}
public override Object GetInitializer(LogicalMethodInfo info, SoapExtensionAttribute attribute)
{
return null;
}
public override void Initialize(Object initializer)
{
}
}
public class MySoapHeader : SoapHeader
{
string _name;
string _passWord;
public string Name
{
get { return _name; }
set { _name = value; }
}
public string PassWord
{
get { return _passWord; }
set { _passWord = value; }
}
}
/// <summary>
/// headersoap2 的摘要说明
/// </summary>
[WebService(Namespace = http://tempuri.org/)]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[System.ComponentModel.ToolboxItem(false)]
// 若要允许使用 ASP.NET AJAX 从脚本中调用此 Web 服务,请取消对下行的注释。
// [System.Web.Script.Services.ScriptService]
public class headersoap2 : System.Web.Services.WebService
{
public MySoapHeader header;
[WebMethod]
[MyExtensionAttribute]
[SoapHeader("header", Direction = SoapHeaderDirection.In)]
public string CheckHeader()
{
//业务逻辑.
return "Something done";
}
}
}The above is Webservice All the security settings, I hope it can give everyone a reference, and I also hope everyone will support the PHP Chinese website.
For more articles related to Webservice security and access control in ASP.NET, please pay attention to the PHP Chinese website!
C# and the .NET Runtime: How They Work TogetherApr 19, 2025 am 12:04 AMC# and .NET runtime work closely together to empower developers to efficient, powerful and cross-platform development capabilities. 1) C# is a type-safe and object-oriented programming language designed to integrate seamlessly with the .NET framework. 2) The .NET runtime manages the execution of C# code, provides garbage collection, type safety and other services, and ensures efficient and cross-platform operation.
C# .NET Development: A Beginner's Guide to Getting StartedApr 18, 2025 am 12:17 AMTo start C#.NET development, you need to: 1. Understand the basic knowledge of C# and the core concepts of the .NET framework; 2. Master the basic concepts of variables, data types, control structures, functions and classes; 3. Learn advanced features of C#, such as LINQ and asynchronous programming; 4. Be familiar with debugging techniques and performance optimization methods for common errors. With these steps, you can gradually penetrate the world of C#.NET and write efficient applications.
C# and .NET: Understanding the Relationship Between the TwoApr 17, 2025 am 12:07 AMThe relationship between C# and .NET is inseparable, but they are not the same thing. C# is a programming language, while .NET is a development platform. C# is used to write code, compile into .NET's intermediate language (IL), and executed by the .NET runtime (CLR).
The Continued Relevance of C# .NET: A Look at Current UsageApr 16, 2025 am 12:07 AMC#.NET is still important because it provides powerful tools and libraries that support multiple application development. 1) C# combines .NET framework to make development efficient and convenient. 2) C#'s type safety and garbage collection mechanism enhance its advantages. 3) .NET provides a cross-platform running environment and rich APIs, improving development flexibility.
From Web to Desktop: The Versatility of C# .NETApr 15, 2025 am 12:07 AMC#.NETisversatileforbothwebanddesktopdevelopment.1)Forweb,useASP.NETfordynamicapplications.2)Fordesktop,employWindowsFormsorWPFforrichinterfaces.3)UseXamarinforcross-platformdevelopment,enablingcodesharingacrossWindows,macOS,Linux,andmobiledevices.
C# .NET and the Future: Adapting to New TechnologiesApr 14, 2025 am 12:06 AMC# and .NET adapt to the needs of emerging technologies through continuous updates and optimizations. 1) C# 9.0 and .NET5 introduce record type and performance optimization. 2) .NETCore enhances cloud native and containerized support. 3) ASP.NETCore integrates with modern web technologies. 4) ML.NET supports machine learning and artificial intelligence. 5) Asynchronous programming and best practices improve performance.
Is C# .NET Right for You? Evaluating its ApplicabilityApr 13, 2025 am 12:03 AMC#.NETissuitableforenterprise-levelapplicationswithintheMicrosoftecosystemduetoitsstrongtyping,richlibraries,androbustperformance.However,itmaynotbeidealforcross-platformdevelopmentorwhenrawspeediscritical,wherelanguageslikeRustorGomightbepreferable.
C# Code within .NET: Exploring the Programming ProcessApr 12, 2025 am 12:02 AMThe programming process of C# in .NET includes the following steps: 1) writing C# code, 2) compiling into an intermediate language (IL), and 3) executing by the .NET runtime (CLR). The advantages of C# in .NET are its modern syntax, powerful type system and tight integration with the .NET framework, suitable for various development scenarios from desktop applications to web services.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
Dreamweaver Mac version
Visual web development tools
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
SublimeText3 Mac version
God-level code editing software (SublimeText3)
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
