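1.1 WebService design
1.1.1 Passing basic parameters
1.1.2 Passing data collections
(1) Arrays
(2) DataSet
1.2 WebService exception handling
1.3 WebService performance
1.4 WebService authentication
See the WebService authentication study report
1.4.1 Authentication methods
1.4.1.1 Windows authentication
(1) In IIS, set the permissions on the WebService file to Integrated Windows authentication
(2) Configure Web.Config
<authentication mode="Windows">
</authentication>
1.4.2 Tracking user access
1.5 Calling the WebService
1.5.1 Windows authentication
(1) When NT authentication is used, Credentials must be set to System.Net.CredentialCache.DefaultCredentials
When set to default, the client decides, based on the server configuration, whether to use NTLM authentication or another security authentication scheme
(2) Instantiate the WebService object
(3) Add the WebService authentication information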
// Requires: using System; using System.Net;
LocalTest.GIISService localTest = new LocalTest.GIISService();
CredentialCache credentialCache = new CredentialCache();
NetworkCredential credentials = new NetworkCredential("XuJian", "password", "Snda");
// Bind the credential to the service URI and the authentication scheme
credentialCache.Add(new Uri("http://localhost/GIIS/GIISService.asmx"),
    "Basic", credentials);
localTest.Credentials = credentialCache;
string tt = localTest.Hello("ssssssss");
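1.6 WebService authentication implementation in GIIS
This section describes the authentication method implemented in GIIS this time. For reasons of configuration and maintainability, it does not cover the handling of other authentication methods.
1.6.1 Implementation approach
SOAP Header + DES encryption/decryption + Windows authentication
1.6.2 How it works
(1) SOAP Header
SOAP consists of four parts:
the SOAP envelope, which defines and describes the message
the SOAP encoding rules
the SOAP RPC call and response conventions
the SOAP binding, which exchanges information over the underlying protocol
The envelope consists of one or more Headers and one Body; each child element of the Header element is called a SOAP Header.
(2) DES symmetric encryption/decryption
The encrypted value sent by the client is decoded and analysed on the client side to perform authentication; the user information used for authentication comes from the GIIS system login user list.
The bytes used for encoding and decoding are stored in the Web.Config file; they must be kept consistent and symmetric, and the string length must be set to 8 characters.
(3) Integrated Windows authentication
Domain users can call and work with the WebService this way, while non-domain users can be validated through our custom SOAP Header.
1.6.3 Implementation steps (SOAP)
(1) Set the access permissions on the .asmx file to "Integrated Windows authentication" and do not allow anonymous access
(2) Create the WebService authentication class CredentialSoapHeader.cs, inheriting from SoapHeader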
using System;
using System.Data;

namespace XXX.WebService
{
    public class CredentialSoapHeader : System.Web.Services.Protocols.SoapHeader
    {
        #region -- Private Attribute --
        private string m_UserID = string.Empty;
        private string m_Password = string.Empty;
        #endregion

        #region -- Public Property --
        /// <summary>
        /// user id
        /// </summary>
        public string UserID
        {
            get { return m_UserID; }
            set { m_UserID = value; }
        }

        /// <summary>
        /// user password
        /// </summary>
        public string PassWord
        {
            get { return m_Password; }
            set { m_Password = value; }
        }
        #endregion

        /// <summary>
        /// initial user id and password
        /// </summary>
        /// <param name="userID"> user id </param>
        /// <param name="password"> user password </param>
        public void Initial(string userID, string password)
        {
            UserID = userID;
            PassWord = password;
        }

        /// <summary>
        /// check user when use web service
        /// </summary>
        /// <param name="userID"> user id </param>
        /// <param name="password"> user password </param>
        /// <param name="message"> return message </param>
        /// <returns></returns>
        public bool IsValid(string userID, string password, out string message)
        {
            message = "";
            try
            {
                // Both header fields arrive DES-encrypted and Base64-encoded
                string userName = Encrypt.DecryptClient(userID);
                string userPassword = Encrypt.DecryptClient(password);
                // Query the GIIS user list for an active account with this name and password
                Entity.GiWscuser userAuthority = new Entity.GiWscuser();
                userAuthority.QueryMode = true;
                userAuthority.Active += true;
                userAuthority.Account += userName.Trim();
                userAuthority.Password += userPassword.Trim();
                DataTable dtblUser = userAuthority.Query(
                    new String[] { userAuthority.Account, userAuthority.Password }, false, -1).Tables[0];
                if (dtblUser.Rows.Count > 0)
                {
                    return true;
                }
                else
                {
                    message = "sorry,you have no access authority for current web service";
                    return false;
                }
            }
            catch (Exception ex)
            {
                message = "sorry,you have no access authority for current web service " + ex.Message;
                return false;
            }
        }

        /// <summary>
        /// check user authority
        /// </summary>
        /// <param name="message"> message tip </param>
        /// <returns></returns>
        public bool IsValid(out string message)
        {
            return IsValid(m_UserID, m_Password, out message);
        }
    }
}
(3) Create the DES encryption/decryption class, which encodes and decodes the plaintext
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public class Encrypt
{
    // 8-character key and IV, read from the appSettings section of Web.Config
    private static string ms_Key = System.Configuration.ConfigurationManager.AppSettings["EncryptKey"];
    private static string ms_IV = System.Configuration.ConfigurationManager.AppSettings["EncryptIV"];

    /// <summary>
    /// Encrypt a string
    /// </summary>
    /// <param name="ecryptString"> string needs to be encrypted </param>
    /// <returns> the encrypted string </returns>
    public static string EncryptClient(string ecryptString)
    {
        if (ecryptString != "")
        {
            DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider();
            cryptoProvider.Key = ASCIIEncoding.ASCII.GetBytes(ms_Key);
            cryptoProvider.IV = ASCIIEncoding.ASCII.GetBytes(ms_IV);
            MemoryStream memoryStream = new MemoryStream();
            CryptoStream cryptoStream = new CryptoStream(memoryStream, cryptoProvider.CreateEncryptor(), CryptoStreamMode.Write);
            StreamWriter streamWriter = new StreamWriter(cryptoStream);
            streamWriter.Write(ecryptString);
            streamWriter.Flush();
            cryptoStream.FlushFinalBlock();
            memoryStream.Flush();
            // GetBuffer() returns the whole backing array, so encode only the bytes actually written
            return Convert.ToBase64String(memoryStream.GetBuffer(), 0, (int)memoryStream.Length);
        }
        else
        {
            return "";
        }
    }

    /// <summary>
    /// Decrypt a string
    /// </summary>
    /// <param name="decryptString"> string needs to be decrypted </param>
    /// <returns> the decrypted string </returns>
    public static string DecryptClient(string decryptString)
    {
        if (decryptString != "")
        {
            DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider();
            cryptoProvider.Key = ASCIIEncoding.ASCII.GetBytes(ms_Key);
            cryptoProvider.IV = ASCIIEncoding.ASCII.GetBytes(ms_IV);
            Byte[] buffer = Convert.FromBase64String(decryptString);
            MemoryStream memoryStream = new MemoryStream(buffer);
            CryptoStream cryptoStream = new CryptoStream(memoryStream, cryptoProvider.CreateDecryptor(), CryptoStreamMode.Read);
            StreamReader streamReader = new StreamReader(cryptoStream);
            return streamReader.ReadToEnd();
        }
        else
        {
            return "";
        }
    }
}
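(4) In the CredentialSoapHeader class, implement the decoding and validity check of the user's authentication information, and return a message when an exception occurs
See the CredentialSoapHeader code
(5) In the target Service class, instantiate a CredentialSoapHeader object and specify that object in the attribute that decorates the WebService method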
using System.Web.Services;
using System.Web.Services.Protocols;
using XXX.WebService;

namespace WebServiceAuthority
{
    [WebService(Namespace = "http://tempuri.org/")]
    [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
    public class GIISService : System.Web.Services.WebService
    {
        // Filled in by ASP.NET from the matching SOAP header of the incoming request
        public CredentialSoapHeader myHeader = new CredentialSoapHeader();

        /// <summary>
        /// get web service information by authority user
        /// </summary>
        /// <param name="contents"> customize content </param>
        /// <returns></returns>
        [SoapHeader("myHeader")]
        [WebMethod(Description = "authority set for Web Service", EnableSession = true)]
        public string HelloWorld(string contents)
        {
            string message = "";
            // Reject the call unless the header credentials validate
            if (!myHeader.IsValid(out message))
                return message;
            return "Hello World:" + contents;
        }
    }
}
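1.6.4 Client-side calling method (SOAP)
(1) Add a WebService reference
The URL is the address of the corresponding GIIS WebService; the reference alias is your own choice
(2) Instantiate a WebService class object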
LocalService.GIISService localTest = new LocalService.GIISService();
(3) Set the Credentials
localTest.Credentials = System.Net.CredentialCache.DefaultCredentials;
(4) Pass the encoded ciphertext
(6) The implementation code is as follows:
LocalService.GIISService localTest = new LocalService.GIISService();
localTest.Credentials = System.Net.CredentialCache.DefaultCredentials; // default credentials
LocalService.CredentialSoapHeader header = new LocalService.CredentialSoapHeader(); // Create SOAP header
// userName and userPassword hold the ciphertext from step (4); the service decrypts them with Encrypt.DecryptClient
header.UserID = userName; // Set SOAP header user name information
header.PassWord = userPassword; // Set SOAP header user password information
localTest.CredentialSoapHeaderValue = header;
this.Label1.Text = localTest.HelloWorld("ss");
At this point WebService authentication in GIIS is implemented. If you use Windows authentication on its own, see the notes below.
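With a fixed key and IV, Encrypt.EncryptClient produces the same ciphertext for the same password on every call, so the header value itself works as a static credential for anyone who captures it. The following added example (not GIIS code) swaps the DES fields for a timestamped HMAC-SHA256 token; the HeaderToken class, the 300-second window and the shared per-client key are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: HeaderToken is a hypothetical class, not part of GIIS.
public static class HeaderToken
{
    private static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    private const int MaxSkewSeconds = 300; // assumed freshness window

    // Client side: builds "userId|unixSeconds|base64(HMAC)".
    public static string Create(string userId, byte[] key, DateTime nowUtc)
    {
        long ts = (long)(nowUtc - Epoch).TotalSeconds;
        string payload = userId + "|" + ts;
        return payload + "|" + Convert.ToBase64String(Mac(key, payload));
    }

    // Server side: returns the user id if the token is authentic and fresh, otherwise null.
    public static string Validate(string token, byte[] key, DateTime nowUtc)
    {
        string[] parts = (token ?? "").Split('|');
        long ts;
        if (parts.Length != 3 || !long.TryParse(parts[1], out ts)) return null;
        byte[] supplied;
        try { supplied = Convert.FromBase64String(parts[2]); }
        catch (FormatException) { return null; }
        // Recompute the MAC over the received fields and compare before trusting them
        byte[] expected = Mac(key, parts[0] + "|" + parts[1]);
        if (!FixedTimeEquals(expected, supplied)) return null;

        long now = (long)(nowUtc - Epoch).TotalSeconds;
        return Math.Abs(now - ts) <= MaxSkewSeconds ? parts[0] : null;
    }

    private static byte[] Mac(byte[] key, string payload)
    {
        using (HMACSHA256 hmac = new HMACSHA256(key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    // Compares every byte so timing does not reveal where the first mismatch is.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Create would run on the client in place of EncryptClient, and Validate would be called from IsValid with the key looked up for the claimed user. A token is still accepted inside the window, so the service should only be reachable over HTTPS.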