1. 技术文章
  2. asp web service: check if user is logged-in

asp web service: check if user is logged-in

◇◆丶佛笑我妖孽 提交于 2019-12-08 03:13:58

问题


I'm creating a web service that'll be called from a web form in asp.net. How does the web service check if the user is logged-in and if it is the logged-in user that's actually requesting the service?

thanks


回答1:


It cannot. Since you're going to call the web service from ASP.NET, you're building a 3-tier application.

Tier 1 is the browser and tier 2 is ASP.NET web application. They share cookies and session variables, so ASP.NET can always authenticate the user. And you already know that.

Tier 3 is the web service. Communication between 2 and 3 is done over a different HTTP connection, sharing different cookies (actually none) and session variables (again, actually none because calls are stateless).

You then have no way to allow the web service on tier 3 to authenticate the client on tier 1.

HOWEVER...............

There is still a possibility, but only if your web service is local to your ASP.NET webapp. That's unlikely to occur, really, because web services are made for remote calls, not local calls. I don't think it's your case.




回答2:


If this is a local web service, as djechelon suggests, They will share session state you are all set. Use djechelon's answer, ignore mine :)

If not: ask the larger question: what is stoping someone from calling your web service outside the context of your web app: using a tool like soapUI?

1) lock down your service (using WCF Security). http://msdn.microsoft.com/en-us/library/ms731925.aspx

2) create a local webservice that checks authentication/authorization, and calls the webservice: passing the authorization information.

This is one approach that values the operation the WS performs over redundant Webservice calls. It is your disgression if a WS that calls another fits your performance needs.




回答3:


You can Enable Session in WebMethod like this:

 [WebMethod(EnableSession = true)]
        public string DoSomthing(string para)
        {
                   user = new SystemUser();
                    if (!user.Authenticate())
                    {//401 Unauthenicated}
        }

Authenticate Method:

 public  bool  Authenticate()
    {
        try
        {

            if (HttpContext.Current.Session["UName"] == null || HttpContext.Current.Session["Role"] == null)
            {
                return false;
            }
            else
            {
                this.Id = HttpContext.Current.Session["UName"].ToString();
                this.Role = (Core.Role)HttpContext.Current.Session["Role"];
                return true;
            }
        }
        catch (Exception ex)
        {
            throw new Exception("Authenticate",ex);
        }
    }


来源:https://stackoverflow.com/questions/4048135/asp-web-service-check-if-user-is-logged-in

标签
ASP.NET
asmx
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!