
How to use WS-Security and Access UsernameToken from an ASMX Web Service?

Okay, so we have a legacy ASMX web service that is currently running in .NET 3.5 and we're using Visual Studio 2008.

The problem is, we need to add authentication and would like to take advantage of the WS-Security model without breaking any existing internal clients who don't need to authenticate currently.

We've thought about adding custom headers, but that's not very WS-Security-ish. Also upgrading to WCF, while a long term goal, is not viable in the short-term.

Is there a way to access the UsernameToken (provided it's passed by the client) indirectly in the SOAP header of a VS2008 ASMX web service?

You could try Web Services Enhancements (WSE) 3.0. This adds support for an old version of WS-Security (the 2004 version I think - WCF supports the 2005 and 2007 versions). It sits on top of ASMX without disturbing it, and does still work in .NET 3.5 / WS2008.

Now for the downsides:

  • VS2008 does not support adding or updating WSE-enabled web references in client code. It will happily create the normal ASMX proxy class, but not the extra WSE proxy class that is required for authentication. Any existing WSE proxy code you have does compile OK, but will be deleted if you try to update the web reference in the IDE. If you possess a copy of VS2005, you could use it to maintain or at least create the web reference on the client side.
  • AFAIK, the WSE implementation of WS-Security is not 100% forward-compatible with the WCF implementations. You will need to do some compatibility testing of your own with WCF to make sure.

Example

Specifying credentials on the client:

void SetUsernameCredential(WebServicesClientProtocol service, string userName, string password) {
    UsernameToken token = new UsernameToken(userName, password, PasswordOption.SendHashed);
    service.SetClientCredential(token);
}

Authenticating credentials on the server:

public class MyUsernameTokenManager : UsernameTokenManager {
    protected override string AuthenticateToken(UsernameToken token) {
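        // Authenticate here.
        // `principal` and `password` are not declared in this snippet; obtain them
        // from your own user store for the user named in the token.
        // If success, return an authenticated IPrincipal and the user's password as shown.
        // If failure, throw an exception of your choosing.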
        token.Principal = principal;
        return password;
    }
}

Reading credentials on the server:

IPrincipal principal = RequestSoapContext.Current.IdentityToken.Principal;
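
Added example, not part of the original answer and not WSE code: the password digest defined by the OASIS UsernameToken Profile 1.0, `Base64(SHA-1(nonce + created + password))`, which is the kind of value a hashed password option such as `PasswordOption.SendHashed` puts on the wire. It shows why the server-side `AuthenticateToken` has to return the password itself, together with the freshness and nonce-replay checks the digest relies on. The class name, sample values and in-memory nonce set are assumptions; WSE performs its own verification internally.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

static class UsernameTokenDigestCheck   // hypothetical name, illustration only
{
    static readonly HashSet<string> SeenNonces = new HashSet<string>();

    // Password_Digest = Base64(SHA-1(nonce + created + password))
    public static string Compute(byte[] nonce, string created, string password)
    {
        List<byte> buf = new List<byte>(nonce);
        buf.AddRange(Encoding.UTF8.GetBytes(created));
        buf.AddRange(Encoding.UTF8.GetBytes(password));
        using (SHA1 sha1 = SHA1.Create())
            return Convert.ToBase64String(sha1.ComputeHash(buf.ToArray()));
    }

    // storedPassword stands in for the value AuthenticateToken returns.
    public static bool Verify(string nonceB64, string created, string digestB64,
                              string storedPassword, DateTime nowUtc, TimeSpan maxAge)
    {
        DateTime createdUtc;
        if (!DateTime.TryParse(created, CultureInfo.InvariantCulture,
                DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out createdUtc))
            return false;
        if ((nowUtc - createdUtc).Duration() > maxAge) return false;  // stale or future-dated
        byte[] nonce;
        try { nonce = Convert.FromBase64String(nonceB64); }
        catch (FormatException) { return false; }
        string expected = Compute(nonce, created, storedPassword);
        int diff = expected.Length ^ digestB64.Length;                // constant-time compare
        for (int i = 0; i < expected.Length && i < digestB64.Length; i++)
            diff |= expected[i] ^ digestB64[i];
        if (diff != 0) return false;
        lock (SeenNonces) { return SeenNonces.Add(nonceB64); }        // false means replayed nonce
    }

    static void Main()
    {
        // Constructed sample values, not taken from any real exchange.
        string nonce = Convert.ToBase64String(Encoding.ASCII.GetBytes("constructed-nonce"));
        string created = "2024-01-01T12:00:00Z";
        DateTime now = new DateTime(2024, 1, 1, 12, 1, 0, DateTimeKind.Utc);
        string digest = Compute(Convert.FromBase64String(nonce), created, "example-password");
        foreach (string pw in new[] { "example-password", "example-password", "wrong-password" })
            Console.WriteLine(Verify(nonce, created, digest, pw, now, TimeSpan.FromMinutes(5)));
    }
}
```

The three calls in `Main` exercise an accepted token, a replay of the same nonce, and a digest checked against the wrong stored password. Because the digest is an unsalted SHA-1 over values visible in the message, it should travel only over an encrypted transport.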
