Several authentication methods for WebService

Reposted from http://www.cnblogs.com/yoshiki1895/archive/2009/06/03/1495440.html
1.1      WebService design

1.1.1   Passing basic parameters

1.1.2   Passing data collections

(1)     Arrays

(2)     DataSet

1.2      WebService exception handling

1.3      WebService performance

1.4      WebService authentication

See the WebService authentication study report

1.4.1   Authentication methods

1.4.1.1      Windows authentication

(1)   In IIS, set the permissions of the WebService file to Integrated Windows Authentication

(2)   Configure Web.Config

<authentication mode="Windows">
</authentication>

1.4.2   Tracking user access

1.5      Calling the WebService

1.5.1   Windows authentication

(1)   When NT authentication is used, Credentials must be set to System.Net.CredentialCache.DefaultCredentials

When set to the default credentials, the client decides, based on the server configuration, whether to use NTLM authentication or another security authentication scheme

(2)   Instantiate the WebService proxy object

(3)   Add the WebService credential information

(4)   Call the WebService method

            // requires: using System; using System.Net;
            LocalTest.GIISService localTest = new LocalTest.GIISService();
            CredentialCache credentialCache = new CredentialCache();
            NetworkCredential credentials = new NetworkCredential("XuJian", "password", "Snda");
            // the credential is bound to the service URL and to the "Basic" scheme;
            // Basic sends the password encoded, not encrypted, so the call should go over HTTPS
            credentialCache.Add(new Uri("http://localhost/GIIS/GIISService.asmx"),
                                "Basic", credentials);
            localTest.Credentials = credentialCache;
            string tt = localTest.Hello("ssssssss");

1.6      WebService authentication implementation in GIIS

This section describes the authentication method implemented in GIIS this time; for reasons of configuration and maintainability, other authentication methods are not covered.

1.6.1   Approach

SOAP Header + DES encryption/decryption + Windows authentication

1.6.2   How it works

(1)   SOAP Header

SOAP consists of four parts: the SOAP envelope, which defines and describes the message; the SOAP encoding rules; the SOAP RPC call and response convention; and the SOAP binding, which exchanges messages over the underlying protocol.

The envelope is made up of one or more Header elements and one Body; each child element of the Header element is called a SOAP Header.

(2)   DES symmetric encryption/decryption

The encrypted value transmitted from the client is decoded and checked to perform authentication; the user information used for authentication comes from the GIIS system login user list.

The key and IV bytes used for encoding and decoding are stored in the Web.Config file; they must be identical on both sides (symmetric), and each must be 8 characters long.

(3)   Integrated Windows authentication

Domain users can call and use the WebService through this method; non-domain users must be verified through our custom SOAP Header method.

1.6.3   Implementation steps (SOAP)

(1)   Set the access permission of the .asmx file to "Integrated Windows Authentication" and do not allow anonymous access

(2)   Create the WebService authentication class CredentialSoapHeader.cs, inheriting from SoapHeader

* The caller's information is retrieved from the WscUser table maintained by the system

using System;
using System.Data;
using System.Web.Services.Protocols;

namespace XXX.WebService
{
    public class CredentialSoapHeader : SoapHeader
    {
        #region -- Private Attribute --
        private string m_UserID = string.Empty;
        private string m_Password = string.Empty;
        #endregion

        #region -- Public Property --
        /// <summary>
        /// user id, as encrypted by the client with Encrypt.EncryptClient
        /// </summary>
        public string UserID
        {
            get { return m_UserID; }
            set { m_UserID = value; }
        }

        /// <summary>
        /// user password, as encrypted by the client with Encrypt.EncryptClient
        /// </summary>
        public string PassWord
        {
            get { return m_Password; }
            set { m_Password = value; }
        }
        #endregion

        /// <summary>
        /// initialize user id and password
        /// </summary>
        /// <param name="userID">user id</param>
        /// <param name="password">user password</param>
        public void Initial(string userID, string password)
        {
            UserID = userID;
            PassWord = password;
        }

        /// <summary>
        /// check user when the web service is used
        /// </summary>
        /// <param name="userID">user id</param>
        /// <param name="password">user password</param>
        /// <param name="message">return message</param>
        /// <returns>true when the user exists, is active and the password matches</returns>
        public bool IsValid(string userID, string password, out string message)
        {
            message = "";
            try
            {
                // decrypt the values carried in the SOAP header (shared DES key/IV from Web.Config)
                string userName = Encrypt.DecryptClient(userID);
                string userPassword = Encrypt.DecryptClient(password);
                // look the caller up in the WscUser table (GiWscuser is the project's own entity class)
                Entity.GiWscuser userAuthority = new Entity.GiWscuser();
                userAuthority.QueryMode = true;
                userAuthority.Active = true;
                userAuthority.Account = userName.Trim();
                userAuthority.Password = userPassword.Trim();
                DataTable dtblUser = userAuthority.Query(
                    new String[] { userAuthority.Account, userAuthority.Password }, false, -1).Tables[0];
                if (dtblUser.Rows.Count > 0)
                {
                    return true;
                }
                else
                {
                    message = "sorry, you have no access authority for current web service";
                    return false;
                }
            }
            catch (Exception ex)
            {
                // an undecryptable or malformed header ends up here and is treated as a failed login;
                // note that ex.Message is passed back to the caller
                message = "sorry, you have no access authority for current web service " + ex.Message;
                return false;
            }
        }

        /// <summary>
        /// check user authority using the values received in the header
        /// </summary>
        /// <param name="message">message tip</param>
        /// <returns>true when the caller is authorized</returns>
        public bool IsValid(out string message)
        {
            return IsValid(m_UserID, m_Password, out message);
        }
    }
}

(3)   Create the DES encryption/decryption class that encodes and decodes the plaintext

using System;
using System.Configuration;
using System.IO;
using System.Security.Cryptography;
using System.Text;

    public class Encrypt
    {
        // key and IV come from Web.Config appSettings; both must be exactly 8 ASCII characters
        private static string ms_Key = ConfigurationManager.AppSettings["EncryptKey"];
        private static string ms_IV = ConfigurationManager.AppSettings["EncryptIV"];

        /// <summary>
        /// Encrypt a string
        /// </summary>
        /// <param name="ecryptString">string needs to be encrypted</param>
        /// <returns>the encrypted string (DES-CBC, Base64 encoded)</returns>
        public static string EncryptClient(string ecryptString)
        {
            if (ecryptString != "")
            {
                DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider();
                cryptoProvider.Key = Encoding.ASCII.GetBytes(ms_Key);
                cryptoProvider.IV = Encoding.ASCII.GetBytes(ms_IV);
                MemoryStream memoryStream = new MemoryStream();
                CryptoStream cryptoStream = new CryptoStream(memoryStream,
                    cryptoProvider.CreateEncryptor(), CryptoStreamMode.Write);
                StreamWriter streamWriter = new StreamWriter(cryptoStream);
                streamWriter.Write(ecryptString);
                streamWriter.Flush();
                cryptoStream.FlushFinalBlock();
                memoryStream.Flush();
                // ToArray returns exactly the bytes written (GetBuffer may include unused capacity)
                return Convert.ToBase64String(memoryStream.ToArray());
            }
            else
            {
                return "";
            }
        }

        /// <summary>
        /// Decrypt a string
        /// </summary>
        /// <param name="decryptString">string needs to be decrypted</param>
        /// <returns>the decrypted string</returns>
        public static string DecryptClient(string decryptString)
        {
            if (decryptString != "")
            {
                DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider();
                cryptoProvider.Key = Encoding.ASCII.GetBytes(ms_Key);
                cryptoProvider.IV = Encoding.ASCII.GetBytes(ms_IV);
                Byte[] buffer = Convert.FromBase64String(decryptString);
                MemoryStream memoryStream = new MemoryStream(buffer);
                // a wrong key/IV or tampered input usually throws a CryptographicException here
                // (bad padding), which the caller (IsValid) catches as an authentication failure
                CryptoStream cryptoStream = new CryptoStream(memoryStream,
                    cryptoProvider.CreateDecryptor(), CryptoStreamMode.Read);
                StreamReader streamReader = new StreamReader(cryptoStream);
                return streamReader.ReadToEnd();
            }
            else
            {
                return "";
            }
        }
    }
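As an added example, not code from the original post or the GIIS project, the following console program checks an EncryptKey/EncryptIV pair the way the Encrypt class above consumes it (exactly 8 ASCII bytes each, and not one of the weak or semi-weak DES keys that DESCryptoServiceProvider rejects at runtime), then runs the same DES-CBC/Base64 transformation in both directions so the values configured on the client and on the service can be compared before deployment. The key, IV and user name are constructed sample values; DesConfigCheck and its method names are chosen here.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: validates the EncryptKey/EncryptIV pair used by the Encrypt class
// above and performs the same DES-CBC + Base64 round trip.
public static class DesConfigCheck
{
    // DESCryptoServiceProvider requires exactly 8 key bytes and 8 IV bytes.
    private const int DesBlockBytes = 8;

    // Returns null when the pair is usable, otherwise a description of the problem.
    public static string Validate(string key, string iv)
    {
        if (string.IsNullOrEmpty(key) || string.IsNullOrEmpty(iv))
            return "EncryptKey and EncryptIV must both be set in Web.Config";

        byte[] keyBytes = Encoding.ASCII.GetBytes(key);
        byte[] ivBytes = Encoding.ASCII.GetBytes(iv);

        if (keyBytes.Length != DesBlockBytes)
            return "EncryptKey must be exactly 8 ASCII characters, got " + keyBytes.Length;
        if (ivBytes.Length != DesBlockBytes)
            return "EncryptIV must be exactly 8 ASCII characters, got " + ivBytes.Length;

        // These keys make DESCryptoServiceProvider throw a CryptographicException when set;
        // reporting them here gives a clear configuration error instead of a failed request.
        if (DES.IsWeakKey(keyBytes) || DES.IsSemiWeakKey(keyBytes))
            return "EncryptKey is a known weak or semi-weak DES key";

        return null;
    }

    // Same transformation as Encrypt.EncryptClient: DES-CBC, PKCS7 padding, Base64 output
    // (StreamWriter in the original writes UTF-8 without a byte order mark, as here).
    public static string Encrypt(string plaintext, string key, string iv)
    {
        using (DESCryptoServiceProvider des = new DESCryptoServiceProvider())
        {
            des.Key = Encoding.ASCII.GetBytes(key);
            des.IV = Encoding.ASCII.GetBytes(iv);
            using (ICryptoTransform encryptor = des.CreateEncryptor())
            {
                byte[] input = Encoding.UTF8.GetBytes(plaintext);
                byte[] output = encryptor.TransformFinalBlock(input, 0, input.Length);
                return Convert.ToBase64String(output);
            }
        }
    }

    // Inverse of Encrypt; a wrong key/IV or a tampered value throws CryptographicException
    // (bad padding) or yields garbage, which is why IsValid above wraps decryption in try/catch.
    public static string Decrypt(string base64Ciphertext, string key, string iv)
    {
        using (DESCryptoServiceProvider des = new DESCryptoServiceProvider())
        {
            des.Key = Encoding.ASCII.GetBytes(key);
            des.IV = Encoding.ASCII.GetBytes(iv);
            using (ICryptoTransform decryptor = des.CreateDecryptor())
            {
                byte[] input = Convert.FromBase64String(base64Ciphertext);
                byte[] output = decryptor.TransformFinalBlock(input, 0, input.Length);
                return Encoding.UTF8.GetString(output);
            }
        }
    }

    public static void Main()
    {
        // Constructed sample values; a real deployment reads them from Web.Config appSettings.
        string key = "12345678";
        string iv = "87654321";

        string problem = Validate(key, iv);
        Console.WriteLine(problem ?? "key/IV pair is usable");

        string token = Encrypt("XuJian", key, iv);
        Console.WriteLine("header value: " + token);
        Console.WriteLine("round trip:   " + Decrypt(token, key, iv));

        // With a static key and static IV the header value is deterministic: the same user name
        // always encrypts to the same ciphertext, so the value by itself proves nothing about
        // when it was produced. That is why the page pairs it with Windows authentication and TLS.
        Console.WriteLine("deterministic: " + (token == Encrypt("XuJian", key, iv)));
    }
}
```

Run Validate against both the client's and the service's configuration during startup or in a deployment check; a mismatch between the two sides shows up as a CryptographicException or garbage in DecryptClient, which IsValid reports only as "no access authority".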

 

(4)   In the CredentialSoapHeader class, implement decoding and validity checking of the user credentials, and return a message when an exception occurs

See the CredentialSoapHeader code above

(5)   In the target service class, instantiate a CredentialSoapHeader object and attach it to the WebService method with the SoapHeader attribute

using System.Web.Services;
using System.Web.Services.Protocols;

namespace WebServiceAuthority
{
    [WebService(Namespace = "http://tempuri.org/")]
    [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
    public class GIISService : System.Web.Services.WebService
    {
        // ASMX fills this member from the CredentialSoapHeader element of the incoming request
        public CredentialSoapHeader myHeader = new CredentialSoapHeader();

        /// <summary>
        /// get web service information by authority user
        /// </summary>
        /// <param name="contents">customize content</param>
        /// <returns>greeting, or the failure message when the header is not valid</returns>
        [SoapHeader("myHeader")]
        [WebMethod(Description = "authority set for Web Service", EnableSession = true)]
        public string HelloWorld(string contents)
        {
            string message = "";
            if (!myHeader.IsValid(out message))
                return message;
            return "Hello World:" + contents;
        }
    }
}
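Added example, not part of the original post or the GIIS code: a variant of the service class above that answers a missing or failed CredentialSoapHeader with a SOAP fault rather than a normal return value, keeps the detailed reason (including any exception text from IsValid) out of the response, and writes each failure to a log so repeated rejections from one address or account can be noticed. It assumes the CredentialSoapHeader class from this page is in scope; GIISServiceHardened, RequireValidCaller, Fail and WriteAuditEntry are names chosen here, and WriteAuditEntry uses System.Diagnostics.Trace as a stand-in for the site's own logging.

```csharp
using System;
using System.Diagnostics;
using System.Web.Services;
using System.Web.Services.Protocols;

// Added example: same contract as GIISService, but authentication failures become
// SOAP faults and are logged with the caller's transport-level identity.
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
public class GIISServiceHardened : WebService
{
    // No initializer on purpose: when the client sends no header the member keeps
    // its initial value, so null here means "header absent".
    public CredentialSoapHeader myHeader;

    [SoapHeader("myHeader")]
    [WebMethod(Description = "authority set for Web Service", EnableSession = true)]
    public string HelloWorld(string contents)
    {
        RequireValidCaller();
        return "Hello World:" + contents;
    }

    // One check shared by every protected method.
    private void RequireValidCaller()
    {
        if (myHeader == null)
        {
            Fail("missing CredentialSoapHeader");
            return;
        }

        string message;
        if (!myHeader.IsValid(out message))
        {
            // message may contain exception text; it goes to the log, not to the caller
            Fail(message);
        }
    }

    private void Fail(string reason)
    {
        WriteAuditEntry(reason);
        // ClientFaultCode marks the request itself as rejected; the text is deliberately generic
        throw new SoapException("authentication failed", SoapException.ClientFaultCode);
    }

    private void WriteAuditEntry(string reason)
    {
        // Windows identity from the IIS-level authentication, if any, plus the remote address
        string windowsUser = (User != null && User.Identity != null) ? User.Identity.Name : "";
        string line = string.Format(
            "{0:o} ws-auth-failure path={1} remote={2} winuser={3} reason={4}",
            DateTime.UtcNow, Context.Request.Path, Context.Request.UserHostAddress, windowsUser, reason);
        Trace.TraceWarning(line); // hypothetical hook: replace with the site's own logger
    }
}
```

On the wire a rejected call now arrives as a soap:Fault with faultcode soap:Client, which the generated client proxy surfaces as a SoapException; the page's original service instead returns the failure text as the method result, so a client written against this variant needs a catch for SoapException.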

 

1.6.4   Client-side call (SOAP)

(1)   Add a Web Reference to the WebService

The URL is the address of the corresponding GIIS WebService; the alias of the reference is up to you

(2)   Instantiate a WebService proxy object

LocalService.GIISService localTest = new LocalService.GIISService();

(3)   Set the Credentials

localTest.Credentials = System.Net.CredentialCache.DefaultCredentials;

(4)   Pass the encrypted (encoded) values

(5)   Call the method provided by the WebService

(6)   The implementation code is as follows:

            LocalService.GIISService localTest = new LocalService.GIISService();
            localTest.Credentials = System.Net.CredentialCache.DefaultCredentials; // default credentials
            LocalService.CredentialSoapHeader header = new LocalService.CredentialSoapHeader(); // create SOAP header
            header.UserID = userName;       // set SOAP header user name (already encrypted with Encrypt.EncryptClient, step (4))
            header.PassWord = userPassword; // set SOAP header user password (already encrypted, step (4))
            localTest.CredentialSoapHeaderValue = header;
            this.Label1.Text = localTest.HelloWorld("ss");
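Added example (not from the original post): the client side of steps (3) to (6) written as one method, with the encryption of step (4) made explicit and the failure cases separated. It assumes the LocalService web reference and the Encrypt class from this page, with the client's own configuration holding the same EncryptKey and EncryptIV as the service; GiisClient and TryCallHelloWorld are names chosen here. With the service exactly as shown above, a rejected header comes back as a message string in result; the SoapException branch covers a SOAP fault from the service, and the WebException branch an HTTP-level rejection from IIS.

```csharp
using System;
using System.Net;
using System.Web.Services.Protocols;

// Added example: complete client call for the SOAP Header + DES + Windows scheme.
public static class GiisClient
{
    public static bool TryCallHelloWorld(string userName, string userPassword, string contents, out string result)
    {
        result = "";
        LocalService.GIISService service = new LocalService.GIISService();

        // Step (3): Windows credentials of the calling process, for the IIS-level check
        service.Credentials = CredentialCache.DefaultCredentials;

        // Step (4): the header carries the DES-encrypted values, never the plaintext;
        // Encrypt reads EncryptKey/EncryptIV from this client's own configuration
        LocalService.CredentialSoapHeader header = new LocalService.CredentialSoapHeader();
        header.UserID = Encrypt.EncryptClient(userName);
        header.PassWord = Encrypt.EncryptClient(userPassword);
        service.CredentialSoapHeaderValue = header;

        try
        {
            // Step (5): with the page's GIISService a failed check is returned as text here
            result = service.HelloWorld(contents);
            return true;
        }
        catch (SoapException ex)
        {
            // The service answered with a SOAP fault; ClientFaultCode means the request
            // (for example its header) was rejected, anything else is a server-side error
            result = ex.Code == SoapException.ClientFaultCode ? "login rejected" : "service error";
            return false;
        }
        catch (WebException ex)
        {
            // HTTP-level failure, e.g. 401 from IIS when the Windows credentials are not accepted
            result = "transport error: " + ex.Status;
            return false;
        }
    }
}
```

Because the encrypted header value is the same for every call with the same user name (static key and IV), the client gains nothing from caching or reusing it; the protection of the value in transit comes from running the service over HTTPS, not from the DES layer.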

This completes the WebService authentication in GIIS; if Windows authentication alone is used, see the notes below.

