Implementing a WebService Application Based on Forms Authentication in ASP.NET: An Example

  • 2021-06-28 12:21:50
  • OfStack

This article gives an example of how to implement a WebService application based on Forms authentication in ASP.NET. It is shared here for your reference. The implementation is as follows:

In ASP.NET programs without very high security requirements, Forms-based authentication is one of the most commonly used methods. If you need to authenticate a WebService, the most common method is probably custom authentication based on the SOAP header. If we compare the two, it is clear that Forms-based authentication is more convenient and easier to use. Can we apply Forms authentication to a WebService?

In theory, it is possible to authenticate a WebService using a Forms-based method, but there are two problems when doing so:

1. Forms-based authentication is also cookie-based authentication. With a browser, this does not need to be considered. But for applications that consume a WebService, cookies are not saved by default, and we need to do that ourselves.

2. Since a WebService is an A2A (Application To Application) application, it is obviously not appropriate to use a Web form for authentication, because that inevitably requires human-computer interaction, which greatly diminishes the usefulness of the WebService.

Next, we'll address these two issues step by step:

1. Cookie storage issues

The WebService client proxy class has a CookieContainer property that can be used to set or get the cookie collection, so the task of saving cookies is left to it:

System.Net.CookieContainer cookieContainer = new System.Net.CookieContainer();
MyService.WebService service = new App.MyService.WebService();
service.CookieContainer = cookieContainer;

2. We do not want to use a Web form for authentication. Fortunately, the login page in ASP.NET Forms authentication (loginUrl within the forms element in the Web.config file) can also be set to a WebService file.
We create a Web service specifically for authentication, temporarily named Login.asmx, and then set loginUrl to "Login.asmx". Of course, anonymous access must also be denied in the authorization section of the Web.config file (otherwise all this work would be for nothing). The Web.config file after configuration is complete is as follows:


<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.web>
        <compilation debug="false" />
        <authentication mode="Forms">
            <forms name="MyService" loginUrl="Login.asmx"></forms>
        </authentication>
        <authorization>
            <deny users="?"/>
        </authorization>
    </system.web>
</configuration>

Actually, the point is not to have the browser redirected to Login.asmx when it is unauthenticated. The real benefit for clients using the WebService is that the methods in Login.asmx can be accessed anonymously (of course, we could also place Login.asmx in a separate directory and allow anonymous access to that directory for that purpose, but I think loginUrl is more elegant).

Next, we add a WebMethod for authentication to Login.asmx:


[WebMethod]
public bool Check(string userName, string password)
{
    // Placeholder comparison used by this example; add real validation logic here.
    if (userName == "aaaaaa" && password == "123456")
    {
        // Issue a non-persistent (session) Forms authentication cookie.
        System.Web.Security.FormsAuthentication.SetAuthCookie(userName, false);
        return true;
    }
    else
    {
        return false;
    }
}
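
A hardened form of the Check method above, as an added example that is not code from the original article. It assumes an ASP.NET membership provider is configured in Web.config and that the site is served over HTTPS; the XML namespace is a constructed placeholder.

```csharp
using System.Web.Security;
using System.Web.Services;

// Code-behind for Login.asmx (added example, not the article's own code).
[WebService(Namespace = "http://example.invalid/login")] // constructed placeholder
public class Login : WebService
{
    [WebMethod]
    public bool Check(string userName, string password)
    {
        // The password arrives in the SOAP body and the ticket leaves in a
        // cookie, so refuse to authenticate over a plain HTTP connection.
        if (!Context.Request.IsSecureConnection)
        {
            return false;
        }

        // Reject empty input before it reaches the credential store.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
        {
            return false;
        }

        // Assumption: a membership provider is configured in Web.config.
        // It replaces the hard-coded "aaaaaa"/"123456" comparison, so no
        // credential is compiled into the assembly.
        if (!Membership.ValidateUser(userName, password))
        {
            return false;
        }

        // Non-persistent ticket: the cookie lives only as long as the
        // client's CookieContainer, which suits an A2A caller.
        FormsAuthentication.SetAuthCookie(userName, false);
        return true;
    }
}
```

Setting requireSSL="true" on the forms element in Web.config additionally marks the ticket cookie as Secure, so the client proxy only returns it over HTTPS.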

The last step is to share one CookieContainer between the Login instance and the WebService instance in the client program.


using System;

class Sample
{
    // One container shared by both proxies, so the cookie set by Login is sent to WebService.
    System.Net.CookieContainer cookieContainer = new System.Net.CookieContainer();

    public void Login()
    {
        MyServiceLogin.Login login = new App.MyServiceLogin.Login();
        login.CookieContainer = cookieContainer;
        // Check returns false when the credentials are rejected.
        login.Check("aaaaaa", "123456");
    }

    public void ShowHelloWorld()
    {
        MyService.WebService service = new App.MyService.WebService();
        service.CookieContainer = cookieContainer;
        Console.WriteLine(service.HelloWorld());
    }
}

Call Login() and then ShowHelloWorld(). Do you see the familiar "Hello World"? OK, that's it!

We hope that the description in this article is helpful for your C# programming.

