在上篇文章中我们了解了使用自定义SOAP头进行身份验证,使webService服务的身份验证变得灵活,简便。
但是是以明文的方式在网上传输,不能保在传输的过程中被别人截取。所以,为了保证安全性我们必须对,Soap头进行加密,密文的方式传输。
废话就不多说了,下面我们 看看下面的简单的例子:
首先我们在客户端进行对数据的加密:这里我们使用的是64位DES加密算法。
设置密钥(Key)和初始值(IV)可放在配置文件中:
*注:上面的值只有8个字节(64位)
在.cs文件中获取“Key”和“IV”
定义一个加密方法:
这样就完成了加密的过程(用户名,密码,数据可以以参数的形式传入)
在服务 器端同样设置配置文件。这于客户端的是一模一样的。
编写解密方法:
Soap头:
更改上篇中的方法:
如果方法:“ValiHeader”返回的是true 表示验证成功,如果返回的是false表示用户名和密码有误。
有关SoapHeader验证头密码核心代码就 是这样了。其中省略了很多代码。
但是是以明文的方式在网上传输,不能保在传输的过程中被别人截取。所以,为了保证安全性我们必须对,Soap头进行加密,密文的方式传输。
废话就不多说了,下面我们 看看下面的简单的例子:
首先我们在客户端进行对数据的加密:这里我们使用的是64位DES加密算法。
设置密钥(Key)和初始值(IV)可放在配置文件中:
<
appSettings
>
add key ="Key" value ="fdautoit" /> ="IV" ="FDAUTOIT"
</ >
add key ="Key" value ="fdautoit" /> ="IV" ="FDAUTOIT"
</ >
*注:上面的值只有8个字节(64位)
在.cs文件中获取“Key”和“IV”
定义一个加密方法:
private
Encrypt(
p_strEncrypt)
{
// Set the Key and the InitialVector for Encrypt
byte [] key Encoding.UTF8.GetBytes(Key);
[] iv Encoding.UTF8.GetBytes(Iv);
Convent the string to byte[] of the Data [] byteData Encoding.UTF8.GetBytes(p_strEncrypt);
Set Memory space for save the Data MemoryStream memoryData new MemoryStream();
DES des = new DESCryptoServiceProvider();
RC2 des = new RC2CryptoServiceProvider();
Rijndael des = new RijndaelManaged(); TripleDES des TripleDESCryptoServiceProvider();
des.Key key;
des.IV iv;
des.Mode CipherMode.CBC;
Create the Method with the Key and IV ICryptoTransform transform des.CreateEncryptor();
Create the EnCrypt stream CryptoStream cryptostream CryptoStream(memoryData, transform, CryptoStreamMode.Write);
write into the Memory stream try
{
cryptostream.Write(byteData, 0 , byteData.Length);
}
catch
{
throw Exception( Encrypt Data wrong of the write to stream! );
}
cryptostream.FlushFinalBlock();
cryptostream.Close();
return memoryData.ToString(); return Convert.ToBase64String(memoryData.ToArray());
}
在这个方法返回的是一个加密后的数据。
{
// Set the Key and the InitialVector for Encrypt
byte [] key Encoding.UTF8.GetBytes(Key);
[] iv Encoding.UTF8.GetBytes(Iv);
Convent the string to byte[] of the Data [] byteData Encoding.UTF8.GetBytes(p_strEncrypt);
Set Memory space for save the Data MemoryStream memoryData new MemoryStream();
DES des = new DESCryptoServiceProvider();
RC2 des = new RC2CryptoServiceProvider();
Rijndael des = new RijndaelManaged(); TripleDES des TripleDESCryptoServiceProvider();
des.Key key;
des.IV iv;
des.Mode CipherMode.CBC;
Create the Method with the Key and IV ICryptoTransform transform des.CreateEncryptor();
Create the EnCrypt stream CryptoStream cryptostream CryptoStream(memoryData, transform, CryptoStreamMode.Write);
write into the Memory stream try
{
cryptostream.Write(byteData, 0 , byteData.Length);
}
catch
{
throw Exception( Encrypt Data wrong of the write to stream! );
}
cryptostream.FlushFinalBlock();
cryptostream.Close();
return memoryData.ToString(); return Convert.ToBase64String(memoryData.ToArray());
}
void
ValidServiceMethod()
{
Encrypt the username and password of SoapHeader m_strName admin m_strPwd new a SoapHeader and a WebService MySoapHeader myheader MySoapHeader ();
MyService myservice MyService();
myheader .UserName m_strName;
.PassWord m_strPwd;
Set the SoapHeader validate to Service myservice.FDSoapHeaderValue myheader ;
Call Method of webservice myservice.GetMoney();
}
{
Encrypt the username and password of SoapHeader m_strName admin m_strPwd new a SoapHeader and a WebService MySoapHeader myheader MySoapHeader ();
MyService myservice MyService();
myheader .UserName m_strName;
.PassWord m_strPwd;
Set the SoapHeader validate to Service myservice.FDSoapHeaderValue myheader ;
Call Method of webservice myservice.GetMoney();
}
这样就完成了加密的过程(用户名,密码,数据可以以参数的形式传入)
在服务 器端同样设置配置文件。这于客户端的是一模一样的。
>
同样在代码文件中获取其值
编写解密方法:
Decrypt(
p_strDecrypt)
{
Set the Key and the InitialVector for Decrypt Covent the string to byte[] with the Encrypt Data
byte[] EncrypData =Encoding.UTF8.GetBytes(p_strDecrypt); [] EncrypData Convert.FromBase64String(p_strDecrypt);
Set the Memory stream Space for save data Create DES for Decrypt DESCryptoServiceProvider des DESCryptoServiceProvider();
des.Key Decrypt with the key and InitialVector des.CreateDecryptor();
Save to MemoryStream output the data
{
cryptostream.Write(EncrypData, EncrypData.Length);
}
(Exception ex)
{
write to stream wrong! + ex.Message);
}
cryptostream.FlushFinalBlock();
cryptostream.Close();
output data Encoding.UTF8.GetString(memoryData.ToArray());
}
{
Set the Key and the InitialVector for Decrypt Covent the string to byte[] with the Encrypt Data
byte[] EncrypData =Encoding.UTF8.GetBytes(p_strDecrypt); [] EncrypData Convert.FromBase64String(p_strDecrypt);
Set the Memory stream Space for save data Create DES for Decrypt DESCryptoServiceProvider des DESCryptoServiceProvider();
des.Key Decrypt with the key and InitialVector des.CreateDecryptor();
Save to MemoryStream output the data
{
cryptostream.Write(EncrypData, EncrypData.Length);
}
(Exception ex)
{
write to stream wrong! + ex.Message);
}
cryptostream.FlushFinalBlock();
cryptostream.Close();
output data Encoding.UTF8.GetString(memoryData.ToArray());
}
Soap头:
public
class
MySoapHeader : SoapHeader
{
_name;
_passWord;
UserName
{
get { _name; }
set { _name value; }
}
PassWord
{
_passWord; }
{ _passWord value; }
}
}
{
_name;
_passWord;
UserName
{
get { _name; }
set { _name value; }
}
PassWord
{
_passWord; }
{ _passWord value; }
}
}
更改上篇中的方法:
bool
ValiHeader(
out
ReturnMsg)
{
MySoapHeader myheader=new MySoapHeader();
flag false ;
string UserName= Decrypt(myheader.UserName);
string PassWord=Decrypt(myheader.PassWord);
if (UserName == && PassWord )
{
flag true ;
ReturnMsg You Are Successfully ;
}
else
{
ReturnMsg You Are Failted flag;
}
{
MySoapHeader myheader=new MySoapHeader();
flag false ;
string UserName= Decrypt(myheader.UserName);
string PassWord=Decrypt(myheader.PassWord);
if (UserName == && PassWord )
{
flag true ;
ReturnMsg You Are Successfully ;
}
else
{
ReturnMsg You Are Failted flag;
}
[WebMethod]
[SoapHeader("header",Direction = SoapHeaderDirection.In)]
public CheckHeader()
{
string ReturnMsg "" IsTrue ValiHeader( ReturnMsg);
return ReturnMsg;
}
[SoapHeader("header",Direction = SoapHeaderDirection.In)]
public CheckHeader()
{
string ReturnMsg "" IsTrue ValiHeader( ReturnMsg);
return ReturnMsg;
}
如果方法:“ValiHeader”返回的是true 表示验证成功,如果返回的是false表示用户名和密码有误。
有关SoapHeader验证头密码核心代码就 是这样了。其中省略了很多代码。
转载:http://www.cnblogs.com/seebook/archive/2007/07/12/815948.html
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。
