SOAP中的验证
Web Service提供开放式的服务,但是在我们的开发中,需要涉及到访问Web Service权限的问题,这就需要解决控制Web Service的访问权限。
通过SOAP Header,我们可以简单的实现权限控制:
首先创建一个简单的Web Service(SoapCheck):
SoapCheck.cs(注意红色部分注释)
using System;
using System.IO;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Data.SqlClient;
using System.Diagnostics;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
namespace TESTSOAP.WebService
{
[WebService (Namespace="TESTSOAP.WebService",
Description="TESTSOAP Web Services",
Name="TESTSOAP GEID")]
public class SoapCheck : System.Web.Services.WebService
{
//实例化Account对象
public Account oAccount=new Account();
public SoapCheck()
{
InitializeComponent();
strConnection=GetConString();
}
#region Component Designer generated code
//Required by the Web Services Designer
private IContainer components = null;
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
}
/// <summary>
/// Clean up any resources being used.
/// </summary>
protected override void Dispose( bool disposing )
{
if(disposing && components != null)
{
components.Dispose();
}
base.Dispose(disposing);
}
#endregion
//需要Soap Header验证的方法前面添加如下
[SoapHeader("oAccount")]
[WebMethod (Description="TESTSOAP GetReturn")]
public string GetReturn()
{
if(oAccount.CheckAccount())
{
return "Login Successed!";
}
else
{
return "Login Fail!";
}
}
}
}
Account类:
继承自SoapHeader,以使用SoapHeader。
Account.cs
using System;
using System.Web.Services.Protocols;
namespace TESTSOAP.WebService
{
public class Account:SoapHeader
{
public string User;
public string PassWord;
public Boolean CheckAccount()
{
if(User=="Admin" && PassWord=="Admin")
{
return true;
}
else
{
return false;
}
}
}
}
Soap Xml格式:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<Account xmlns=" TESTWebService ">
<User>string</User>
<PassWord>string</PassWord>
</Account>
</soap:Header>
<soap:Body>
<GetGlobalEmpID xmlns=" TESTWebService ">
</GetGlobalEmpID>
</soap:Body>
用用户名和密码替换xml中的红色部分。
客户端调用的VB例子:
Public Function TESTSoap(byval strUser as string,byval strPassWord as string) As String
Dim objHttp As MSXML2.XMLHTTP
Dim strSoap As String
Dim strUrl As String
Dim xmlDoc As MSXML2.DOMDocument
On Error GoTo ErrHandle
Set objHttp = CreateObject("MSXML2.XMLHTTP")
Set xmlDoc = CreateObject("MSXML2.DOMDocument")
strUrl = "http://localhost/SoapCheck.asmx"
strUser = Trim$(strUser)
strPassWord = Trim$(strPassWord)
'生成Soap XML
strSoap = "<?xml version=""1.0"" encoding=""utf-8""?>"
strSoap = strSoap & vbCrLf & "<soap:Envelope xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" "
strSoap = strSoap & vbCrLf & "xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" "
strSoap = strSoap & vbCrLf & "xmlns:soap=""http://schemas.xmlsoap.org/soap/envelope/"">"
strSoap = strSoap & vbCrLf & "<soap:Header>"
strSoap = strSoap & vbCrLf & "<Account xmlns=TESTSOAP.WebService>"
strSoap = strSoap & vbCrLf & "<strUser>" & strUser & "</strUser>"
strSoap = strSoap & vbCrLf & "<strPassWord>" & strPassWord & "</strPassWord>"
strSoap = strSoap & vbCrLf & "</Account>"
strSoap = strSoap & vbCrLf & "</soap:Header>"
strSoap = strSoap & vbCrLf & "<soap:Body>"
strSoap = strSoap & vbCrLf & "<GetReturn xmlns=TESTSOAP.WebService>"
strSoap = strSoap & vbCrLf & "</GetReturn>"
strSoap = strSoap & vbCrLf & "</soap:Body>"
strSoap = strSoap & vbCrLf & "</soap:Envelope>"
objHttp.open "POST", strUrl, False
objHttp.setRequestHeader "Content-Type", "text/xml;charset=utf-8"
objHttp.setRequestHeader "Content-Length", Len(strSoap)
objHttp.setRequestHeader "SOAPAction", strUrl & "GetReturn"
objHttp.send strSoap
xmlDoc.async = False
xmlDoc.loadXML (objHttp.responseText)
TESTSoap = xmlDoc.selectNodes("//soap:Envelope//soap:Body//SoapCheckResponse//GetReturnResult").Item(0).Text
Exit Function
ErrHandle:
TESTSoap = "Communicate With Web Services Error"
End Function