我是新手,老板让我做Webserver,实现身份验证,需要用到soapheader,但我不知道soapheader怎么弄,以前从来没有接触过 soapheader.
各位高人,谁能给我个指导或例子,在下不惜放分。
各位高人,谁能给我个指导或例子,在下不惜放分。
解决方案 »
- 急,急,急 删除重复数据
- 求一条SQL语句,困惑中!
- SQL奇怪的问题 。不大,但值得看一下
- 怎么把sql语句结果弄到一张新表中去
- 表中字段有10位、6位,如何JOIN不同的表
- 帮我看下哪的错,谢谢,急
- Login failed. The maximum simultaneous user count of 1 licenses for this 'Standard Edition' server has been exceeded....
- 在SQL Server中如何保存和输出图片
- 请教sql server 中的 image 数据类型
- SQL 2000在WINDOWS SERVER 2003上不能正常运行!!!!!
- 有关sql统计的问题
- 没多少分了,问个简单的数据库恢复问题
是不是一个简单的认证?比如说要用户输入用户和密码?
那你作的是动态网页马?
asp.net吗?
我不懂这个
不过不知道你说的是不是soap下面有一个<head>和<body>
是不是可以在<head>标题模块加什么属性进行身份验证?
快帮忙呀?最好有源代码的发过来,呵呵![email protected]
ASP or C#?
做Webserver,实现用户登陆验证.
SqlConnection cn=new SqlConnection("Server=XX;Database=XX;Uid=XX;Pwd=XX;");
cn.Open();
SqlDataAdapter ad=new SqlDataAdapter("select username,key from TbName where username="+TextBox1.Text+" and key="+TextBox2.Text,cn);
DataSet ds=new DataSet();
ad.Fill(ds,"tb");
DataRow r=ds.Tables["tb"].Rows;
if (r[0].ToString()=TextBox1.Text) && (r[1].ToString()=TextBox2.Text)
{
Response.Redirect("next_web_form.htm");
}
IssueVision 在中IssueVisionWeb项目(此项目用于发布Web Services)中通过创建CredentialSoapHeader类来实现第一步.CredentialSoapHeader.csusing System.Web.Services.Protocols;namespace IssueVision.Web
{
public class CredentialSoapHeader : SoapHeader
{
private string m_username;
private string m_password; public string Username
{
get{ return m_username;} set{ m_username = value;}
} public string Password
{
get{ return m_password;} set{ m_password = value;}
}
}
}
2. 将服务的公共字段声明为该类型,使该SoapHeader在Web Services的公共合同中公开,并在创建代理时可由客户端使用. IssueVision的Web Services----IssueVisionServices.asmx如此实现.IssueVisionServices.asmx代码片断:public class IssueVisionServices : WebService
{
...
private CredentialSoapHeader m_credentials; // custom SOAP header to pass credentials
public CredentialSoapHeader Credentials
{
get { return m_credentials; }
set { m_credentials = value; }
}
.......
} 3. 在Web Services使用 SoapHeader 自定义属性定义一组关联的标头,服务中的每个 WebMethod 都可以使用.(默认情况下,标头是必需的,但也可以定义可选标头) IssueVisionServices.asmx代码片断: ....
[WebMethod(Description="Returns the lookup tables for IssueVision.")]
[SoapHeader("Credentials")]
public IVDataSet GetLookupTables()
{
SecurityHelper.VerifyCredentials(this);
return new IVData().GetLookupTables();
} SecurityHelper类的VerifyCredentials方法用来从Web Services中的SoapHeader类来得到自定义身份验证凭据(如用户名和密码). SecurityHelper.cs代码片断如下:// verifies the clients credentials
public static void VerifyCredentials(IssueVisionServices service)
{
if (service.Credentials == null || service.Credentials.Username == null || service.Credentials.Password == null ) //如果没有认证信息,返回SoapException,这样就不能匿名调用Web Method了
{
EventLogHelper.LogFailureAudit("A login was attempted with missing credential information.");
throw new SoapException(string.Empty, SoapException.ClientFaultCode, "Security");
} string password = Authenticate(service.Credentials);
} // authenticates a user's credentials passed in a custom SOAP header
private static string Authenticate( CredentialSoapHeader header)
{
DataSet dataSet = new DataSet();
string dbPasswordHash; try
{
SqlConnection conn = new SqlConnection(Common.ConnectionString);
SqlCommand cmd = new SqlCommand("GetUser", conn);
cmd.Parameters.Add("@UserName", header.Username);
cmd.CommandType = CommandType.StoredProcedure;
SqlDataAdapter da = new SqlDataAdapter(cmd);
da.Fill(dataSet);
}
catch (Exception ex)
{
EventLogHelper.LogFailureAudit(string.Format("The GetUser stored procedure encounted a problem: {0}", ex.ToString()));
throw new SoapException(string.Empty, SoapException.ServerFaultCode, "Database");
}
// does the user exist?
if (dataSet.Tables[0].Rows.Count == 0)
{
EventLogHelper.LogFailureAudit(string.Format("The username {0} does not exist.", header.Username));
throw new SoapException(string.Empty, SoapException.ClientFaultCode, "Security");
}
else
{
// we found the user, verify the password hash by compare the Salt + PasswordHash
DataRow dataRow = dataSet.Tables[0].Rows[0];
dbPasswordHash = (string)dataRow["PasswordHash"];
string dbPasswordSalt = (string)dataRow["PasswordSalt"]; // create a hash based on the user's salt and the input password
string passwordHash = HashString(dbPasswordSalt + header.Password); // does the computed hash match the database hash?
if (string.Compare(dbPasswordHash, passwordHash) != 0)
{
EventLogHelper.LogFailureAudit(string.Format("The password for the username {0} was incorrect.", header.Username));
throw new SoapException(string.Empty, SoapException.ClientFaultCode, "Security");
}
}
return dbPasswordHash;
} 4. 最后客户端在调用要求标头的方法之前,需直接在代理类上设置标头. IssueVision 的SmartClient端的WebServicesLayer类来调用此Web Services WebServicesLayer.cs程序片断如下:private static IssueVisionServices GetWebServiceReference(string username, string password)
{
IssueVisionServices dataService = new IssueVisionServices();
//<ReplaceWithWse>
CredentialSoapHeader header = new CredentialSoapHeader();
header.Username = username;
header.Password = password;
dataService.CredentialSoapHeaderValue = header;
//</ReplaceWithWse>
InitWebServiceProxy(dataService);
return dataService;
}