转载:http://blog.csdn.net/wanderocn/article/details/6584098
WebService head加密,可以对 WebService设置访问用户名和密码,增强 WebService的安全性 使 WebService只能被授权用户使用。
具体实现步骤:
1、 定义一个 soapheader派生类用来实现 WebService访问权限验证
using System.Data; using System.Configuration; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.HtmlControls; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; /// <summary> ///MySoapHeader 的摘要说明 /// </summary> public class MySoapHeader:System .Web .Services .Protocols .SoapHeader { private string _uname = string.Empty;//webservice访问用户名 public string Uname { get { return _uname; } set { _uname = value; } } private string _password = string.Empty;//webservice访问密码 public string Password { get { return _password; } set { _password = value; } } public MySoapHeader() { // //TODO: 在此处添加构造函数逻辑 // } public MySoapHeader(string uname, string upass) { init(uname, upass); } private void init(string uname, string upass) { this._password = upass; this._uname = uname; } //验证用户是否有权访问内部接口 private bool isValid(string uname, string upass, out string msg) { msg = ""; if (uname == "admin" && upass =="admin") { return true; } else { msg = "对不起!您无权调用此WebService!"; return false; } } //验证用户是否有权访问外部接口 public bool isValid(out string msg) { return isValid(_uname, _password,out msg); } }
2、 定义有需要验证的 WebService。
using System.Collections; using System.Linq; using System.Web; using System.Web.Services; using System.Web.Services.Protocols; using System.Xml.Linq; /// <summary> ///test 的摘要说明 /// </summary> [WebService(Namespace = "http://tempuri.org/")] [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] //若要允许使用 ASP.NET AJAX 从脚本中调用此 Web 服务,请取消对下行的注释。 // [System.Web.Script.Services.ScriptService] public class test : System.Web.Services.WebService { public test () { //如果使用设计的组件,请取消注释以下行 //InitializeComponent(); } public MySoapHeader myheader = new MySoapHeader(); [WebMethod] public string HelloWorld() {//普通WebService,无需验证 return "Hello World"; } [SoapHeader("myheader")]//加入此头部的WebService需要验证,不加则为普通WebService无需验证 [WebMethod(Description = "根据产品编号查询产品的价格", EnableSession = true)] public string GetProductPrice2(string ProductId) { string msg = ""; //验证是否有权访问 if (!myheader.isValid(out msg)) { return -1;//返回错误信息 } return ProductId; } }
3、 客户端调用方法
引用 WebService定义 WebService名称为 :Myservice。
using System.Configuration; using System.Data; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.HtmlControls; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; public partial class _Default : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { myservice.test te = new abc.test(); myservice.MySoapHeader myhead = new MySoapHeader(); myhead.Uname = "admin";//输入WebService访问用户名 myhead.Password = "admin";//输入WebService访问密码 te.MySoapHeaderValue = myhead;// string test = te.GetProductPrice2("ok!"); Response.Write(aa);//用户名、密码输入正确则输出ok 否则输出 错误msg }