1. 首页
  2. 问答
  3. 验证Web服务选项

验证Web服务选项

2010-09-15 131 views
0

我是Web服务和.NET的新手。 我必须验证正在使用http post访问的Web服务。验证Web服务选项

我试着把一个自定义的肥皂标题,并将其发送到服务,并检查服务中的标题,但标题对象始终为空的服务。

此外,如果我把用户名和密码选项放在http标题中,我如何在服务器上验证它们?

在此先感谢

客户端代码:

private void button1_Click(object sender, EventArgs e) 
     { 
      HttpWebRequest request; 

      string strSOAPRequestBody = "<?xml version=\"1.0\" encoding=\"utf-8\"?>" + 
      "<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">"+ 
      "<soap:Header>"+ 
      "<AuthHeader xmlns=\"http://tempuri.org/\">" + 
      "<Username>apple</Username>"+ 
      "<Password>apple</Password>"+ 
      "</AuthHeader>"+ 
      "</soap:Header>"+ 
      "<soap:Body xmlns=\"http://tempuri.org/\">"+ 
      "<HelloWorld>"+ 
      "</soap:Body>"+ 
      "</soap:Envelope>"; 

      request = (HttpWebRequest)WebRequest.Create("http://localhost:1494/Service1.asmx/HelloWorld"); 
      request.Accept = "text/xml"; 
      request.Method = "POST"; 
      request.ContentType = "application/soap+xml; charset=utf-8"; 
      request.ContentLength = strSOAPRequestBody.Length; 


      using (Stream stream = request.GetRequestStream()) 
      { 
       using (StreamWriter sw = new StreamWriter(stream)) 
       { 
        sw.Write(strSOAPRequestBody); 
        sw.Flush(); 
       } 
      } 
      using (HttpWebResponse response = (HttpWebResponse)request.GetResponse()) 
      { 
       using (StreamReader responseStream = new StreamReader(response.GetResponseStream())) 
       { 
        txtResponse.Text = System.Web.HttpUtility.HtmlDecode(responseStream.ReadToEnd()); 
       } 
      } 
     }

服务

public class Service1 : System.Web.Services.WebService 
    { 


     public AuthHeader Authentication; 

     [WebMethod] 
     [SoapHeader("Authentication", Direction = SoapHeaderDirection.In)] 
     public XmlDocument HelloWorld() 
     { 
      XmlDocument response = new XmlDocument(); 
      try 
      { 

       //Boolean validateUser = Membership.ValidateUser(Authentication.Username, Authentication.Password); 
       if (Authentication != null) 
       { 
        response.LoadXml(String.Format("{0}{1}{2}", "<BOM>", "Hurray", "</BOM>")); 
       } 

      } 
      catch(Exception ex) 
      { 
       response.LoadXml(String.Format("{0}{1}{2}", "<Error>", ex.Message, "</Error>")); 
      } 
       return response; 
     } 
    }

来源

2010-09-15 Dheeraj

回答

2

问题是与客户端代码:

  • 将URI服务URI (即asmx文件)
  • 将soap动作添加为标题(即的HelloWorld)
  • 将内容类型为文本/ XML
  • 更改SOAP请求,包括对SOAP方法的命名空间,而不是body元素

试试这个:

HttpWebRequest request; 

string strSOAPRequestBody = "<?xml version=\"1.0\" encoding=\"utf-8\"?>" + 
"<soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">" + 
" <soap:Header>" + 
" <AuthHeader xmlns=\"http://tempuri.org/\">" + 
"  <Username>string</Username>" + 
"  <Password>string</Password>" + 
" </AuthHeader>" + 
" </soap:Header>" + 
" <soap:Body>" + 
" <HelloWorld xmlns=\"http://tempuri.org/\" />" + 
" </soap:Body>" + 
"</soap:Envelope>"; 

request = (HttpWebRequest)WebRequest.Create("http://localhost:1494/Service1.asmx"); 
request.Accept = "text/xml"; 
request.Method = "POST"; 
request.ContentType = "text/xml;charset=\"utf-8\""; 
request.Headers.Add("SOAPAction", "\"http://tempuri.org/HelloWorld\"");  
request.ContentLength = strSOAPRequestBody.Length; 

using (Stream stream = request.GetRequestStream()) 
{ 
    using (StreamWriter sw = new StreamWriter(stream)) 
    { 
     sw.Write(strSOAPRequestBody); 
     sw.Flush(); 
    } 
} 
using (HttpWebResponse response = (HttpWebResponse)request.GetResponse()) 
{ 
    using (StreamReader responseStream = new StreamReader(response.GetResponseStream())) 
    { 
     Console.WriteLine((responseStream.ReadToEnd())); 
    } 
}

如果你这样做你应该收到回应:

<?xml version="1.0" encoding="utf-8"?> 
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3 
.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">  
    <soap:Body><HelloWorldResponse xmlns="http://tempuri.org/"> 
     <HelloWorldResult> 
     <BOM xmlns="">Hurray</BOM> 
     </HelloWorldResult> 
    </HelloWorldResponse> 
    </soap:Body> 
</soap:Envelope>

验证用户名和密码将取决于你的实现 - 如果你有asp.net成员资格,那么你应该能够使用ValidateUser方法。另请注意,如果您未使用SSL,则通过电话线发送时,用户名和密码将可见。

另一个需要注意的是,手工将XML编写成字符串几乎总是一个坏主意,所以(至少)使用XML框架类来生成正确的XML。更好的是使用Web服务工具包。

来源

2010-09-16 03:56:01

+3

另外,避免使用字符串创建XML。如果用户的密码中包含以下任何字符,它会变得繁荣:<, >,&(以及更多)。请参阅http://dotnetslackers.com/articles/aspnet/Securing-ASP-Net-Web-Services-with-Forms-Authentication.aspx中的文章,以获得更好的(且非常相似,因此更改应该很少)的实现使用Forms Authentication来保护Web服务的安全。 – 2010-09-16 07:15:04

+0

@Andreas Paulsson,好文章。我同意。手工制作XML并不是制作实施的方式 - 至少使用XML框架类。 – 2010-09-16 07:45:39

+0

谢谢大家,我会避免使用字符串中的XML。谢谢Tuzo。 – Dheeraj 2010-09-16 12:46:36

相关问题

 相关问题