1. 首頁
  2. 問答
  3. 驗證Web服務選項

驗證Web服務選項

2010-09-15 122 views
0

我是Web服務和.NET的新手。 我必須驗證正在使用http post訪問的Web服務。驗證Web服務選項

我試着把一個自定義的肥皂標題,並將其發送到服務,並檢查服務中的標題,但標題對象始終爲空的服務。

此外,如果我把用戶名和密碼選項放在http標題中,我如何在服務器上驗證它們?

在此先感謝

客戶端代碼:

private void button1_Click(object sender, EventArgs e) 
     { 
      HttpWebRequest request; 

      string strSOAPRequestBody = "<?xml version=\"1.0\" encoding=\"utf-8\"?>" + 
      "<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">"+ 
      "<soap:Header>"+ 
      "<AuthHeader xmlns=\"http://tempuri.org/\">" + 
      "<Username>apple</Username>"+ 
      "<Password>apple</Password>"+ 
      "</AuthHeader>"+ 
      "</soap:Header>"+ 
      "<soap:Body xmlns=\"http://tempuri.org/\">"+ 
      "<HelloWorld>"+ 
      "</soap:Body>"+ 
      "</soap:Envelope>"; 

      request = (HttpWebRequest)WebRequest.Create("http://localhost:1494/Service1.asmx/HelloWorld"); 
      request.Accept = "text/xml"; 
      request.Method = "POST"; 
      request.ContentType = "application/soap+xml; charset=utf-8"; 
      request.ContentLength = strSOAPRequestBody.Length; 


      using (Stream stream = request.GetRequestStream()) 
      { 
       using (StreamWriter sw = new StreamWriter(stream)) 
       { 
        sw.Write(strSOAPRequestBody); 
        sw.Flush(); 
       } 
      } 
      using (HttpWebResponse response = (HttpWebResponse)request.GetResponse()) 
      { 
       using (StreamReader responseStream = new StreamReader(response.GetResponseStream())) 
       { 
        txtResponse.Text = System.Web.HttpUtility.HtmlDecode(responseStream.ReadToEnd()); 
       } 
      } 
     }

服務

public class Service1 : System.Web.Services.WebService 
    { 


     public AuthHeader Authentication; 

     [WebMethod] 
     [SoapHeader("Authentication", Direction = SoapHeaderDirection.In)] 
     public XmlDocument HelloWorld() 
     { 
      XmlDocument response = new XmlDocument(); 
      try 
      { 

       //Boolean validateUser = Membership.ValidateUser(Authentication.Username, Authentication.Password); 
       if (Authentication != null) 
       { 
        response.LoadXml(String.Format("{0}{1}{2}", "<BOM>", "Hurray", "</BOM>")); 
       } 

      } 
      catch(Exception ex) 
      { 
       response.LoadXml(String.Format("{0}{1}{2}", "<Error>", ex.Message, "</Error>")); 
      } 
       return response; 
     } 
    }

來源

2010-09-15 Dheeraj

回答

2

問題是與客戶端代碼:

  • 將URI服務URI (即asmx文件)
  • 將soap動作添加爲標題(即的HelloWorld)
  • 將內容類型爲文本/ XML
  • 更改SOAP請求,包括對SOAP方法的命名空間,而不是body元素

試試這個:

HttpWebRequest request; 

string strSOAPRequestBody = "<?xml version=\"1.0\" encoding=\"utf-8\"?>" + 
"<soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">" + 
" <soap:Header>" + 
" <AuthHeader xmlns=\"http://tempuri.org/\">" + 
"  <Username>string</Username>" + 
"  <Password>string</Password>" + 
" </AuthHeader>" + 
" </soap:Header>" + 
" <soap:Body>" + 
" <HelloWorld xmlns=\"http://tempuri.org/\" />" + 
" </soap:Body>" + 
"</soap:Envelope>"; 

request = (HttpWebRequest)WebRequest.Create("http://localhost:1494/Service1.asmx"); 
request.Accept = "text/xml"; 
request.Method = "POST"; 
request.ContentType = "text/xml;charset=\"utf-8\""; 
request.Headers.Add("SOAPAction", "\"http://tempuri.org/HelloWorld\"");  
request.ContentLength = strSOAPRequestBody.Length; 

using (Stream stream = request.GetRequestStream()) 
{ 
    using (StreamWriter sw = new StreamWriter(stream)) 
    { 
     sw.Write(strSOAPRequestBody); 
     sw.Flush(); 
    } 
} 
using (HttpWebResponse response = (HttpWebResponse)request.GetResponse()) 
{ 
    using (StreamReader responseStream = new StreamReader(response.GetResponseStream())) 
    { 
     Console.WriteLine((responseStream.ReadToEnd())); 
    } 
}

如果你這樣做你應該收到迴應:

<?xml version="1.0" encoding="utf-8"?> 
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3 
.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">  
    <soap:Body><HelloWorldResponse xmlns="http://tempuri.org/"> 
     <HelloWorldResult> 
     <BOM xmlns="">Hurray</BOM> 
     </HelloWorldResult> 
    </HelloWorldResponse> 
    </soap:Body> 
</soap:Envelope>

驗證用戶名和密碼將取決於你的實現 - 如果你有asp.net成員資格,那麼你應該能夠使用ValidateUser方法。另請注意,如果您未使用SSL,則通過電話線發送時,用戶名和密碼將可見。

另一個需要注意的是,手工將XML編寫成字符串幾乎總是一個壞主意,所以(至少)使用XML框架類來生成正確的XML。更好的是使用Web服務工具包。

來源

2010-09-16 03:56:01

+3

另外,避免使用字符串創建XML。如果用戶的密碼中包含以下任何字符,它會變得繁榮:<, >,&(以及更多)。請參閱http://dotnetslackers.com/articles/aspnet/Securing-ASP-Net-Web-Services-with-Forms-Authentication.aspx中的文章,以獲得更好的(且非常相似,因此更改應該很少)的實現使用Forms Authentication來保護Web服務的安全。 – 2010-09-16 07:15:04

+0

@Andreas Paulsson,好文章。我同意。手工製作XML並不是製作實施的方式 - 至少使用XML框架類。 – 2010-09-16 07:45:39

+0

謝謝大家,我會避免使用字符串中的XML。謝謝Tuzo。 – Dheeraj 2010-09-16 12:46:36

相關問題

 相關問題