安全性

•完全适用ASP.NET的认证机制
–可以使用FormsAuthentication
•WebService方法可以操作Cookie
–Impersonation
–PrincipalPermission

aspx

    <form id="form1" runat="server">
        <asp:ScriptManager runat="server" ID="ScriptManager1" ScriptMode="Debug">
            <Services>
                <asp:ServiceReference Path="Services/SecurityService.asmx" InlineScript="true" />
            </Services>
        </asp:ScriptManager>    
        
        <input type="button" value="Call" onclick="call()" />
    
        <script language="javascript" type="text/javascript">
            function call()
            {
                SecurityService.HelloWorld(onSucceeded);
            }
            
            function onSucceeded(result)
            {
                alert(result);
            }
        </script>    
    </form>

cs

    protected void Page_Load(object sender, EventArgs e)
    {
        FormsAuthentication.SetAuthCookie("Jeffrey Zhao", false);
    }

如果不加上这一句，WebService就会跑出异常“Please log in first”

SecurityService.asmx

<%@ WebService Language="C#" Class="SecurityService" %>

using System;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
using System.Web.Script.Services;

[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[ScriptService]
public class SecurityService : System.Web.Services.WebService
{
    [WebMethod]
    public string HelloWorld()
    {
        if (!HttpContext.Current.User.Identity.IsAuthenticated)
        {
            throw new ApplicationException("Please log in first.");
        }
        
        return "Hello, " + HttpContext.Current.User.Identity.Name;
    }
    
}