Webservice security in ASP.NET to implement access control
1. Overview:
Web Services are online application services released by enterprises to fulfill their specific business needs. Other companies or application software can access and use this online service through the Internet. It logically provides data and services to other applications. Each application accesses the Web Service through network protocols and some specified standard data formats (Http, XML, Soap), and obtains the required results through internal execution of the Web Service. Since it is called through the Internet, there must be security issues that can be called by network users. How to implement webservice access permission restriction is an important problem faced by webservice users. Below are two solutions to solve the above problems from shallow to deep.
2. A simple method based on the "soapheader" attribute
1." soapheader" Overview
SOAP header provides a method for passing data to XML Web services methods or pass data from XML Web services methods, provided that the data is not directly related to the main functionality of the XML Web services method. In most cases, it is used to transmit user authentication information. Of course, its role is far more than that, and it remains to be discovered in practical applications.
2.soapheader implements user authentication code
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
namespace UserCenter
{
public class MySoapHeader :SoapHeader
{
public string UserName
{
get;
set;
}
public string PWD
{
get;
set;
}
}
/// <summary>
/// MyMath 的摘要说明
/// </summary>
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[System.ComponentModel.ToolboxItem(false)]
// 若要允许使用 ASP.NET AJAX 从脚本中调用此 Web 服务,请取消对下行的注释。
// [System.Web.Script.Services.ScriptService]
public class MyMath : System.Web.Services.WebService
{
public MySoapHeader sHeader;
[WebMethod]
public string HelloWorld()
{
return "Hello World";
}
[WebMethod]
[SoapHeader("sHeader")]
public string add(int x, int y)
{
if (sHeader.UserName == "test" && sHeader.PWD == "test")
{
return (x + y).ToString();
}
else
{
return null;
}
}
}
}3. Disadvantage analysis:
(1) Service logic and user permission verification logic are mixed, increasing the program size Understand complexity.
(2) Permission logic is not reusable
2. Method based on the "SoapExtensionAttribute" feature
1. Overview of SoapExtensionAttribute and SoapExtension
SoapExtension and SoapExtensio. The two Attribute classes are used to control the general process of serialization and deserialization of webservice, and can control functions such as compression and logging of webservice.
2. Implementation code
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
namespace XMLClass1.class15.content
{
[AttributeUsage(AttributeTargets.Method)]
public class MyExtensionAttribute : SoapExtensionAttribute
{
int _priority = 1;
public override int Priority
{
get { return _priority; }
set { _priority = value; }
}
public override Type ExtensionType
{
get { return typeof(MyExtension); }
}
}
public class MyExtension : SoapExtension
{
//这个override的方法会被调用四次
//分别是SoapMessageStage BeforeSerialize,AfterSerialize,BeforeDeserialize,AfterDeserialize
public override void ProcessMessage(SoapMessage message)
{
if (message.Stage == SoapMessageStage.AfterDeserialize)//反序列化之后处理
{
bool check = false;
foreach (SoapHeader header in message.Headers)
{
if (header is MySoapHeader)
{
MySoapHeader myHeader = (MySoapHeader)header;
if (myHeader.Name == "admin" || myHeader.PassWord == "admin")
{
check = true;
break;
}
}
}
if (!check)
throw new SoapHeaderException("认证失败", SoapException.ClientFaultCode);
}
}
public override Object GetInitializer(Type type)
{
return GetType();
}
public override Object GetInitializer(LogicalMethodInfo info, SoapExtensionAttribute attribute)
{
return null;
}
public override void Initialize(Object initializer)
{
}
}
public class MySoapHeader : SoapHeader
{
string _name;
string _passWord;
public string Name
{
get { return _name; }
set { _name = value; }
}
public string PassWord
{
get { return _passWord; }
set { _passWord = value; }
}
}
/// <summary>
/// headersoap2 的摘要说明
/// </summary>
[WebService(Namespace = http://tempuri.org/)]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[System.ComponentModel.ToolboxItem(false)]
// 若要允许使用 ASP.NET AJAX 从脚本中调用此 Web 服务,请取消对下行的注释。
// [System.Web.Script.Services.ScriptService]
public class headersoap2 : System.Web.Services.WebService
{
public MySoapHeader header;
[WebMethod]
[MyExtensionAttribute]
[SoapHeader("header", Direction = SoapHeaderDirection.In)]
public string CheckHeader()
{
//业务逻辑.
return "Something done";
}
}
}The above is Webservice All the security settings, I hope it can give everyone a reference, and I also hope everyone will support the PHP Chinese website.
For more articles related to Webservice security and access control in ASP.NET, please pay attention to the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1387
52
How to use various symbols in C language
Apr 03, 2025 pm 04:48 PM
The usage methods of symbols in C language cover arithmetic, assignment, conditions, logic, bit operators, etc. Arithmetic operators are used for basic mathematical operations, assignment operators are used for assignment and addition, subtraction, multiplication and division assignment, condition operators are used for different operations according to conditions, logical operators are used for logical operations, bit operators are used for bit-level operations, and special constants are used to represent null pointers, end-of-file markers, and non-numeric values.
What is the role of char in C strings
Apr 03, 2025 pm 03:15 PM
In C, the char type is used in strings: 1. Store a single character; 2. Use an array to represent a string and end with a null terminator; 3. Operate through a string operation function; 4. Read or output a string from the keyboard.
How to handle special characters in C language
Apr 03, 2025 pm 03:18 PM
In C language, special characters are processed through escape sequences, such as: \n represents line breaks. \t means tab character. Use escape sequences or character constants to represent special characters, such as char c = '\n'. Note that the backslash needs to be escaped twice. Different platforms and compilers may have different escape sequences, please consult the documentation.
The difference between char and wchar_t in C language
Apr 03, 2025 pm 03:09 PM
In C language, the main difference between char and wchar_t is character encoding: char uses ASCII or extends ASCII, wchar_t uses Unicode; char takes up 1-2 bytes, wchar_t takes up 2-4 bytes; char is suitable for English text, wchar_t is suitable for multilingual text; char is widely supported, wchar_t depends on whether the compiler and operating system support Unicode; char is limited in character range, wchar_t has a larger character range, and special functions are used for arithmetic operations.
The difference between multithreading and asynchronous c#
Apr 03, 2025 pm 02:57 PM
The difference between multithreading and asynchronous is that multithreading executes multiple threads at the same time, while asynchronously performs operations without blocking the current thread. Multithreading is used for compute-intensive tasks, while asynchronously is used for user interaction. The advantage of multi-threading is to improve computing performance, while the advantage of asynchronous is to not block UI threads. Choosing multithreading or asynchronous depends on the nature of the task: Computation-intensive tasks use multithreading, tasks that interact with external resources and need to keep UI responsiveness use asynchronous.
How to convert char in C language
Apr 03, 2025 pm 03:21 PM
In C language, char type conversion can be directly converted to another type by: casting: using casting characters. Automatic type conversion: When one type of data can accommodate another type of value, the compiler automatically converts it.
What is the function of C language sum?
Apr 03, 2025 pm 02:21 PM
There is no built-in sum function in C language, so it needs to be written by yourself. Sum can be achieved by traversing the array and accumulating elements: Loop version: Sum is calculated using for loop and array length. Pointer version: Use pointers to point to array elements, and efficient summing is achieved through self-increment pointers. Dynamically allocate array version: Dynamically allocate arrays and manage memory yourself, ensuring that allocated memory is freed to prevent memory leaks.
How to use char array in C language
Apr 03, 2025 pm 03:24 PM
The char array stores character sequences in C language and is declared as char array_name[size]. The access element is passed through the subscript operator, and the element ends with the null terminator '\0', which represents the end point of the string. The C language provides a variety of string manipulation functions, such as strlen(), strcpy(), strcat() and strcmp().
