简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
Home > Backend Development > C#.Net Tutorial > body text

Webservice security in ASP.NET to implement access control

高洛峰
Release: 2017-01-24 09:50:43
Original
2588 people have browsed it

1. Overview:

Web Services are online application services released by enterprises to fulfill their specific business needs. Other companies or application software can access and use this online service through the Internet. It logically provides data and services to other applications. Each application accesses the Web Service through network protocols and some specified standard data formats (Http, XML, Soap), and obtains the required results through internal execution of the Web Service. Since it is called through the Internet, there must be security issues that can be called by network users. How to implement webservice access permission restriction is an important problem faced by webservice users. Below are two solutions to solve the above problems from shallow to deep.

2. A simple method based on the "soapheader" attribute

1." soapheader" Overview

SOAP header provides a method for passing data to XML Web services methods or pass data from XML Web services methods, provided that the data is not directly related to the main functionality of the XML Web services method. In most cases, it is used to transmit user authentication information. Of course, its role is far more than that, and it remains to be discovered in practical applications.

2.soapheader implements user authentication code 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
namespace UserCenter
{
  public class MySoapHeader :SoapHeader
  {
    public string UserName
    {
      get;
      set;
    }
    public string PWD
    {
      get;
      set;
    }
  }
  /// <summary>
  /// MyMath 的摘要说明
  /// </summary>
  [WebService(Namespace = "http://tempuri.org/")]
  [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
  [System.ComponentModel.ToolboxItem(false)]
  // 若要允许使用 ASP.NET AJAX 从脚本中调用此 Web 服务,请取消对下行的注释。
  // [System.Web.Script.Services.ScriptService]
  public class MyMath : System.Web.Services.WebService
  {
    public MySoapHeader sHeader;
    [WebMethod]
    public string HelloWorld()
    {
      return "Hello World";
    }
    [WebMethod]
    [SoapHeader("sHeader")]
    public string add(int x, int y)
    {
      if (sHeader.UserName == "test" && sHeader.PWD == "test")
      {
        return (x + y).ToString();
      }
      else
      {
        return null;
      }
    }
  }
}
Copy after login

3. Disadvantage analysis:

(1) Service logic and user permission verification logic are mixed, increasing the program size Understand complexity.
(2) Permission logic is not reusable

2. Method based on the "SoapExtensionAttribute" feature

1. Overview of SoapExtensionAttribute and SoapExtension

SoapExtension and SoapExtensio. The two Attribute classes are used to control the general process of serialization and deserialization of webservice, and can control functions such as compression and logging of webservice.

2. Implementation code 

using System;
 
using System.Collections.Generic;
 
using System.Linq;
 
using System.Web;
 
using System.Web.Services;
 
using System.Web.Services.Protocols;
 
namespace XMLClass1.class15.content
 
{
 
  [AttributeUsage(AttributeTargets.Method)]
 
  public class MyExtensionAttribute : SoapExtensionAttribute
 
  {
 
    int _priority = 1;
 
    public override int Priority
 
    {
 
      get { return _priority; }
 
      set { _priority = value; }
 
    }
 
    public override Type ExtensionType
 
    {
 
      get { return typeof(MyExtension); }
 
    }
 
  }
 
  public class MyExtension : SoapExtension
 
  {
 
    //这个override的方法会被调用四次
 
    //分别是SoapMessageStage BeforeSerialize,AfterSerialize,BeforeDeserialize,AfterDeserialize
 
    public override void ProcessMessage(SoapMessage message)
 
    {
 
      if (message.Stage == SoapMessageStage.AfterDeserialize)//反序列化之后处理
 
      {
 
        bool check = false;
 
        foreach (SoapHeader header in message.Headers)
 
        {
 
          if (header is MySoapHeader)
 
          {
 
            MySoapHeader myHeader = (MySoapHeader)header;
 
            if (myHeader.Name == "admin" || myHeader.PassWord == "admin")
 
            {
 
              check = true;
 
              break;
 
            }
 
          }
 
        }
 
        if (!check)
 
          throw new SoapHeaderException("认证失败", SoapException.ClientFaultCode);
 
      }
 
    }
 
    public override Object GetInitializer(Type type)
 
    {
 
      return GetType();
       }
 
    public override Object GetInitializer(LogicalMethodInfo info, SoapExtensionAttribute attribute)
 
    {
 
      return null;
 
    }
 
    public override void Initialize(Object initializer)
 
    {
 
    }
 
  }
 
  public class MySoapHeader : SoapHeader
 
  {
 
    string _name;
 
    string _passWord;
 
    public string Name
 
    {
 
      get { return _name; }
 
      set { _name = value; }
 
    }
 
    public string PassWord
 
    {
 
      get { return _passWord; }
 
      set { _passWord = value; }
 
    }
 
  }
 
  /// <summary>
 
  /// headersoap2 的摘要说明
 
  /// </summary>
 
  [WebService(Namespace = http://tempuri.org/)]
 
  [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
 
  [System.ComponentModel.ToolboxItem(false)]
 
  // 若要允许使用 ASP.NET AJAX 从脚本中调用此 Web 服务,请取消对下行的注释。
 
  // [System.Web.Script.Services.ScriptService]
 
  public class headersoap2 : System.Web.Services.WebService
 
  {
 
     public MySoapHeader header;
 
    [WebMethod]
 
    [MyExtensionAttribute]
 
    [SoapHeader("header", Direction = SoapHeaderDirection.In)]
 
    public string CheckHeader()
 
    {
 
      //业务逻辑.
 
      return "Something done";
 
    }
 
  }
}
Copy after login

The above is Webservice All the security settings, I hope it can give everyone a reference, and I also hope everyone will support the PHP Chinese website.

For more articles related to Webservice security and access control in ASP.NET, please pay attention to the PHP Chinese website!

Related labels:
ASP.NET Webservice
source:php.cn
Previous article:C# WebService publishing and IIS publishing Next article:The implementation process of boxing and unboxing in .NET
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
What is the way to get the client's IP address in ASP.NET MVC? I'm completely new to the ASP.NET MVC stack and I'd like to know what's going on with the ...
From 2023-10-14 09:01:56
0
2
220
How to publish Asp.net Core and React.js solutions on IIS I created a solution using ASP.NETCore with React.js templates in VisualStudio2022. In the...
From 2023-09-16 12:53:47
0
1
495
How to resume database migration I have a mysql database but I can't delete it. I'm missing my migration files in an asp.ne...
From 2023-09-09 00:36:28
0
1
236
Method to prevent drop-down list from duplicating items in ASP.NET VB.NET PublicSubTable()DimConnectionAsMySqlConnectionDimDataAdapterAsMySqlDataAdapterDimCommandAs...
From 2023-09-07 09:26:11
0
1
243
asp.net core bff mode with React redirect issue I'm trying to understand how routing from frontend to backend is supposed to work. I'm usi...
From 2023-09-01 19:22:18
0
1
236
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!