平常我经常使用动态随机数加密验证的办法,可以验证客户端的合法性,不过这种方法也蛮不错的。
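using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
using System.Xml.Linq;

namespace TallyInfo.TIWebService
{
    /// <summary>
    /// ASMX web service that hands out a ticket after a credential check and
    /// requires that ticket on every other call.
    /// </summary>
    /// <remarks>
    /// Identity, password and ticket all travel inside the request, so the
    /// scheme is only as confidential as the transport; serve it over HTTPS.
    /// Tickets live in the application-wide ASP.NET cache, so they are lost on
    /// an application restart and are not shared between servers.
    /// </remarks>
    [WebService(Namespace = "http://tempuri.org/")]
    [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
    [ToolboxItem(false)]
    // To allow this web service to be called from script using ASP.NET AJAX, uncomment the following line.
    // [System.Web.Script.Services.ScriptService]
    public class ClientAuthenticate : System.Web.Services.WebService
    {
        // How long an issued ticket stays valid. The original inserted the ticket
        // with no expiry, so a leaked ticket stayed usable until the cache happened
        // to evict it. Twenty minutes is a placeholder; pick a value per deployment.
        private static readonly TimeSpan TicketLifetime = TimeSpan.FromMinutes(20);

        // The ASP.NET cache is shared by the whole application. Namespacing ticket
        // keys keeps a caller from presenting the key of some unrelated cached
        // boolean as if it were a ticket.
        private const string TicketCachePrefix = "ticket:";

        #region Client authentication

        #region GetTicket
        /// <summary>
        /// Issues a ticket. Clients must call this before any other method; a
        /// successful credential check returns the ticket to present later.
        /// </summary>
        /// <param name="identity">Identity code of the calling client.</param>
        /// <param name="password">Password supplied by the calling client.</param>
        /// <returns>A GUID-formatted ticket string, valid for <c>TicketLifetime</c>.</returns>
        /// <exception cref="Exception">The credentials were rejected.</exception>
        [WebMethod] // (Description = "Ticket issuing method; the client must authenticate through it before calling any other method")
        public string GetTicket(string identity, string password)
        {
            // Authenticate the client
            if (!Authenticate(identity, password))
            {
                // One message for every failure, so the reply does not reveal
                // whether the identity or the password was the wrong part.
                throw new Exception("Invalid identity/Password");
            }

            string ticket = NewTicket();

            // Absolute expiry in UTC; TimeSpan.Zero is the value of
            // Cache.NoSlidingExpiration, i.e. the ticket is not extended by use.
            Context.Cache.Insert(
                TicketCachePrefix + ticket,
                true,
                null,
                DateTime.UtcNow.Add(TicketLifetime),
                TimeSpan.Zero);

            return ticket;
        }

        /// <summary>
        /// Builds a ticket from 16 bytes of a cryptographic random number generator.
        /// </summary>
        /// <remarks>
        /// The ticket is a bearer secret. Guid.NewGuid() is specified to be unique,
        /// not unpredictable, so the bytes are drawn from a CSPRNG instead; the
        /// result keeps the GUID text format that existing clients receive.
        /// </remarks>
        private static string NewTicket()
        {
            byte[] raw = new byte[16];
            System.Security.Cryptography.RandomNumberGenerator.Create().GetBytes(raw);
            return new Guid(raw).ToString();
        }
        #endregion GetTicket

        #region Authenticate
        /// <summary>
        /// Validates a ticket.
        /// </summary>
        /// <param name="ticket">Ticket previously returned by <c>GetTicket</c>.</param>
        /// <returns>
        /// <c>true</c> when the ticket is present in the cache and has not expired;
        /// <c>false</c> for a null, empty, unknown or expired ticket.
        /// </returns>
        private bool Authenticate(string ticket)
        {
            if (string.IsNullOrEmpty(ticket))
            {
                return false;
            }

            // Cache.Get returns null for an unknown key. The original cast that
            // null straight to bool, so an invalid ticket surfaced as a
            // NullReferenceException instead of a clean rejection, and its
            // "throw ex;" handlers discarded the stack trace on the way out.
            object cached = Context.Cache.Get(TicketCachePrefix + ticket);
            return cached is bool && (bool)cached;
        }
        #endregion Authenticate

        #region Authenticate
        /// <summary>
        /// Checks the client's credentials against the database before a ticket
        /// is issued.
        /// </summary>
        /// <param name="identity">Identity code of the calling client.</param>
        /// <param name="password">Password supplied by the calling client.</param>
        /// <returns>
        /// <c>false</c> for null or empty credentials; otherwise <c>true</c>,
        /// because the database lookup is disabled in this listing.
        /// </returns>
        private bool Authenticate(string identity, string password)
        {
            if (string.IsNullOrEmpty(identity) || string.IsNullOrEmpty(password))
            {
                return false;
            }

            // WARNING: the database lookup below is commented out, so every
            // non-empty identity/password pair is accepted. Restore the lookup
            // before exposing this service to real clients.
            //
            // The original built the query by concatenating identity and password
            // into the SQL text, which lets a caller rewrite the WHERE clause.
            // Bind both values as parameters instead:
            //
            //   SELECT COUNT(*) FROM DataProviders WHERE 标识码 = @identity AND 口令 = @password
            //
            // DbHelpersql.Search, as used in this listing, takes only a SQL string;
            // it needs an overload (or a replacement) that accepts parameters.
            // NOTE(review): comparing the 口令 column with the submitted password
            // suggests passwords are stored in clear text - store a salted,
            // slow hash and compare against that instead.
            //
            //DataSet ds = DbHelpersql.Search(sqlString);
            //if (ds.Tables[0].Rows.Count == 1)
            return true;
        }
        #endregion Authenticate

        #endregion Client authentication

        #region SearchWithsql routine
        /// <summary>
        /// Sample ticket-protected method: validates the ticket, then would run
        /// the query (the database call is disabled in this listing).
        /// </summary>
        /// <param name="sqlString">SQL text supplied by the client.</param>
        /// <param name="ticket">Ticket previously returned by <c>GetTicket</c>.</param>
        /// <returns>Always <c>null</c> while the database call is commented out.</returns>
        /// <exception cref="Exception">The ticket is missing, unknown or expired.</exception>
        [WebMethod]
        public DataSet SearchWithsql(string sqlString, string ticket)
        {
            // Validate the ticket before doing any work for the caller.
            if (!Authenticate(ticket))
            {
                throw new Exception("Invalid Ticket");
            }

            // NOTE(review): sqlString is arbitrary SQL chosen by the client. Once the
            // call below is enabled, any ticket holder can run any statement the
            // service's database account is allowed to run. Prefer methods that
            // expose fixed, parameterized queries, and give the account the
            // minimum privileges those queries need.
            return null;
            //return DbHelpersql.Search(sqlString);
        }
        #endregion SearchWithsql routine
    }
}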