利用SoapHeader验证web service调用的合法性(dwonmoon)
本文主要通過示例介紹利用SoapHeader驗(yàn)證web service調(diào)用的合法性,
一建立Web service項(xiàng)目,新建一個(gè)APIService.asmx
其后臺(tái)代碼如下
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Web.Services.Protocols;
namespace Downmoon.API
{
/// <summary>
/// GlobalSetting 的摘要說明
/// </summary>
public class APIService : System.Web.Services.WebService
??? {
public APIService()
??????? {
//SHeader = new SecuritySoapHeader();
??????? }
public class SecuritySoapHeader : SoapHeader
??????? {
#region Bak
private string _userName = string.Empty;
private string _pwd = string.Empty;
/**/
/// <summary>
/// 用戶名
/// </summary>
public string InvokeUserName
??????????? {
get
??????????????? { return _userName; }
set
??????????????? { _userName = value; }
??????????? }
/**/
/// <summary>
/// 密碼
/// </summary>
public string InvokeUserPwd
??????????? {
get
??????????????? { return _pwd; }
set
??????????????? { _pwd = value; }
??????????? }
#endregion
??????? }
#region Members
public SecuritySoapHeader SHeader = new SecuritySoapHeader();
private string _userName = string.Empty;
private string _pwd = string.Empty;
public string InvokeUserName
??????? {
get
??????????? { return _userName; }
set
??????????? { _userName = value; }
??????? }
public string InvokeUserPwd
??????? {
get
??????????? { return _pwd; }
set
??????????? { _pwd = value; }
??????? }
public static string SecurityUserID
??????? {
get
??????????? {
try
??????????????? {
return System.Configuration.ConfigurationManager.AppSettings["SecurityUserID"].ToString().Trim();
??????????????? }
catch
??????????????? {
return "歡迎與邀月交流,net技術(shù)與軟件架構(gòu)";
??????????????? }
??????????? }
??????? }
public static string SecurityUserPWD
??????? {
get
??????????? {
try
??????????????? {
return System.Configuration.ConfigurationManager.AppSettings["SecurityUserPWD"].ToString().Trim();
??????????????? }
catch
??????????????? {
return "S2H3I4l5p6q7";
??????????????? }
??????????? }
??????? }
#endregion
#region? Methods
#region CheckHeader
public bool IsLegalInvoked()
??????? {
return IsLegalInvoked(this.SHeader);
??????? }
public virtual bool IsLegalInvoked(SecuritySoapHeader header)
??????? {
bool bl = false;
if (header == null)
??????????? {
//return "您沒有設(shè)置SoapHeader,不能正常訪問此服務(wù)!";
return bl;
??????????? }
else if (header.InvokeUserName == null || header.InvokeUserName.Trim().Length == 0 || header.InvokeUserPwd == null || header.InvokeUserPwd.Trim().Length == 0)
??????????? { return bl; }
if (header.InvokeUserName.Trim() != SecurityUserID || header.InvokeUserPwd.Trim() != SecurityUserPWD)
??????????? {
//return "您提供的身份驗(yàn)證信息有誤,不能正常訪問此服務(wù)!";
return bl;
??????????? }
??????????? bl = true;
return bl;
??????? }
#endregion
#region ERRORHandle
private clsBasePage bp;
public void ErrorHandle(string strMessage)
??????? {
if (bp == null)
??????????? {
??????????????? bp = new clsBasePage();
??????????? }
else
??????????? {
??????????????? bp.ErrorStop(strMessage);
return;
??????????? }
??????? }
#endregion
#endregion
??? }
}
二、添加一個(gè)PassPort.asmx,繼承APIWebService,主要是為了重用SoapHeader,
調(diào)用方法如下(紅色代碼部分):
using System;
using System.Web;
using System.Collections;
using System.Web.Services;
using System.Web.Services.Protocols;
using System.ComponentModel;
namespace Downmoon.API
{
/// <summary>
/// PassPort 的摘要說明 Downmoon Last Modified?
/// </summary>
??? [WebService(Namespace = "歡迎與邀月交流,net技術(shù)與軟件架構(gòu).API")]
??? [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
public class PassPort : APIService
??? {
public PassPort()
??????? {
??????? }
#region Members
#endregion
#region? Methods
#region 測試安全信息
??????? [WebMethod(Description = "Test Safe Invoke", EnableSession = true, CacheDuration = 30),SoapHeader("SHeader")]???????
??????? public string HelloWorld()
??????? {
??????????? if(IsLegalInvoked())
??????????? {
??????????? return "Suceed!";
??????????? }
??????????? else{
??????????????? return "Illegal Invoke!";
??????????? }
??????? }
??????? #endregion
#endregion
??? }
}
三、建立Vs2005測試項(xiàng)目,并添加一個(gè)測試類(vs2005會(huì)自動(dòng)生成,呵呵)
修改后代碼如下:
// 以下代碼由 Microsoft Visual Studio 2005 生成。
// 測試所有者應(yīng)該檢查每個(gè)測試的有效性。
using Microsoft.VisualStudio.TestTools.UnitTesting;
using System;
using System.Text;
using System.Collections.Generic;
namespace TestAPI2005
{
/// <summary>
///這是 Downmoon.API.PassPort 的測試類,旨在
///包含所有 Downmoon.API.PassPort 單元測試
///</summary>
??? [TestClass()]
public class PassPortTest
??? {
private TestContext testContextInstance;
/// <summary>
///獲取或設(shè)置測試上下文,上下文提供
///有關(guān)當(dāng)前測試運(yùn)行及其功能的信息。
///</summary>
public TestContext TestContext
??????? {
get
??????????? {
return testContextInstance;
??????????? }
set
??????????? {
??????????????? testContextInstance = value;
??????????? }
??????? }
#region 附加測試屬性
//編寫測試時(shí),可使用以下附加屬性:
#region InitTest
public static string invokeusername;
public static string invokeuserpwd;
public static string username;
public static string userIP;
public static string ConnKey;
public static string ConnValue;
public static int rowCount;
public static DateTime ldNow;
#endregion
??????? [ClassInitialize()]
public static void MyClassInitialize(TestContext testContext)
??????? {
??????????? invokeusername = "歡迎與邀月交流,net技術(shù)與軟件架構(gòu)";
??????????? invokeuserpwd = "S2H3I4l5p6q7";
??????????? username = "歡迎與邀月交流,net技術(shù)與軟件架構(gòu)";
??????????? userIP = "10.103.33.6";
??????????? ConnKey = "";
??????????? ConnValue = "";
??????????? rowCount = 0;
??????????? ldNow = DateTime.Now;
??????? }
??????? [ClassCleanup()]
public static void MyClassCleanup()
??????? {
??????????? invokeusername = null;
??????????? invokeuserpwd = null;
??????? }
//使用 TestInitialize 在運(yùn)行每個(gè)測試前先運(yùn)行代碼
//[TestInitialize()]
//public void MyTestInitialize()
//{
//}
//使用 TestCleanup 在運(yùn)行完每個(gè)測試后運(yùn)行代碼
//[TestCleanup()]
//public void MyTestCleanup()
//{
//}
#endregion
#region HelloWorld () 的測試
/// <summary>
///HelloWorld () 的測試
///</summary>
??????? [TestMethod]
public void HelloWorldTest()
??????? {
try
??????????? {
??????????????? TestAPI.PassPort.PassPort target = new TestAPI.PassPort.PassPort();
??????????????? target.SecuritySoapHeaderValue = new TestAPI.PassPort.SecuritySoapHeader();
??????????????? target.SecuritySoapHeaderValue.InvokeUserName = invokeusername;
??????????????? target.SecuritySoapHeaderValue.InvokeUserPwd = invokeuserpwd;
string str = target.HelloWorld();
??????????????? Console.WriteLine(str);//Console.WriteLine("Result:" + str);
??????????????? Assert.AreEqual(str, "Suceed!", false);
??????????? }
catch (Exception ex)
??????????? {
??????????????? Assert.Fail("單元測試生成錯(cuò)誤: "+ex.Message);
Console.WriteLine(ex.Message);
??????????? }
??????? }
#endregion
??? }
}
四、在測試管理器中勾選該測試類
右鍵“運(yùn)行選中的測試”,即可看到運(yùn)行結(jié)果:通過!
標(biāo)準(zhǔn)輸出 Suceed!
此時(shí)如果在瀏覽器中直接調(diào)用該服務(wù),將會(huì)出現(xiàn) “Illegal Invoke!”
OK! 結(jié)束
以上代碼適用于.net 2.0及Vsts 2005。應(yīng)該也可以適用于vs2003。
邀月注:本文版權(quán)由邀月和博客園共同所有,轉(zhuǎn)載請(qǐng)注明出處。
助人等于自助!?? 3w@live.cn
轉(zhuǎn)載于:https://www.cnblogs.com/hsapphire/archive/2010/02/06/1664923.html
總結(jié)
以上是生活随笔為你收集整理的利用SoapHeader验证web service调用的合法性(dwonmoon)的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: java8新特性和汪文君Google G
- 下一篇: android网易云音乐api接口,网易