平时写Web Service时经常会对Service的访问进行安全控制,方法很多,这里介绍一下如何用Soap头来进行控制的一例。 第一步,引用需要用到的名称空间
using System;
using System.Xml;
using System.Xml.Serialization;
using System.Web.Services;
using System.Web.Services.Protocols;
第二步,建立自定义的SoapHeader类MySoapHeader
publicclass MySoapHeader : SoapHeader ![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedBlockStart.gif)
![](https://www.cnblogs.com/Images/OutliningIndicators/ContractedBlock.gif)
{
string _name;
string _passWord;
publicstring Name ![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{ ![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
get
{ return _name; } ![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
set
{ _name = value; }
}
publicstring PassWord ![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{ ![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
get
{ return _passWord; } ![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
set
{ _passWord = value; }
}
}
第三步,建立WebSerivce,MyService类有一个MySoapHeader类型的字段公共header,在客户调用CheckHeader之前需要给header付一个新实例,服务器端检验这个实例的成员信息。失败我们抛出一个SoapHeaderException,这个异常的新实例,这里调用两个参数的构造函数。第一个参数是自定义的异常原因,第二个参数我们用SoapException.ClientFaultCode表示客户的调用格式不正确或缺少必要的信息。
[WebService(Namespace ="http://DavidFan.cnblogs.com")]
publicclass MyService : System.Web.Services.WebService ![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedBlockStart.gif)
![](https://www.cnblogs.com/Images/OutliningIndicators/ContractedBlock.gif)
{
public MySoapHeader header;
[SoapHeader("header", Direction = SoapHeaderDirection.In)]
publicstring CheckHeader() ![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
if (header ==null) ![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
thrownew SoapHeaderException("认证失败", SoapException.ClientFaultCode);
}
else ![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
if (header.Name !="admin"|| header.PassWord !="admin") ![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
thrownew SoapHeaderException("认证失败", SoapException.ClientFaultCode);
}
}
//业务逻辑![](https://www.cnblogs.com/Images/dot.gif)
.
return"Something done";
}
}
第四步,客户端进行调用,这里的MySoapHeader,和MyService类即为WSDL工具生成代理类,对应服务端的上两个类。我们首先new 一个MySoapHeader的新实例,然后付个Myservice的新实例的header字段,最后调用CheckHeader这个服务器的方法,CheckHeader方法的header!=null,接着进行Name和PassWord的验证。 客户端try-catch块内首先捕获SoapHeaderException(如果有的话)。然后捕获Exception。好了整个过程只需这几步。
publicclass ServiceClient ![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedBlockStart.gif)
![](https://www.cnblogs.com/Images/OutliningIndicators/ContractedBlock.gif)
{
protectedvoid ClientMethod(string name, string passWord) ![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
MySoapHeader h =new MySoapHeader();
h.Name = name;
h.PassWord = passWord;
MyService service =new MyService();
service.header = h;
try ![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
string retval = service.CheckHeader();
Console.WriteLine("Return:"+ retval);
}
catch (SoapHeaderException soapEx) ![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
Console.WriteLine("Soap Header Exception:"+ soapEx.Message);
}
catch (Exception ex) ![](https://www.cnblogs.com/Images/OutliningIndicators/ExpandedSubBlockStart.gif)
{
Console.WriteLine("Exception:"+ ex.Message);
}
}
}
到些为止,利用Soap头的一例简单的介绍完了,扩展应用,就由大家来发挥吧!