How to use WS-Security and Access UsernameToken from an ASMX Web Service?
Okay, so we have a legacy ASMX web service that is currently running in .NET 3.5 and we're using Visual Studio 2008.
The problem is, we need to add authentication and would like to take advantage of the WS-Security model without breaking any existing internal clients who don't need to authenticate currently.
We've thought about adding custom headers, but that's not very WS-Security-ish. Also, upgrading to WCF, while a long-term goal, is not viable in the short term.
Is there a way to access the UsernameToken (provided it's passed by the client) indirectly in the soap header of a VS2008 ASMX web service?
You could try Web Services Enhancements (WSE) 3.0. This adds support for an old version of WS-Security (the 2004 version I think - WCF supports the 2005 and 2007 versions). It sits on top of ASMX without disturbing it, and does still work in .NET 3.5 / WS2008.
Now for the downsides:
Example
Specifying credentials on the client:
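    using Microsoft.Web.Services3;
    using Microsoft.Web.Services3.Security.Tokens;

    void SetUsernameCredential(WebServicesClientProtocol service, string userName, string password) {
        // SendHashed puts a password digest, not the clear-text password, in the token.
        UsernameToken token = new UsernameToken(userName, password, PasswordOption.SendHashed);
        service.SetClientCredential(token);
    }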
Authenticating credentials on the server:
    using Microsoft.Web.Services3.Security.Tokens;

    public class MyUsernameTokenManager : UsernameTokenManager {
        protected override string AuthenticateToken(UsernameToken token) {
            // Authenticate here.
            // If success, return an authenticated IPrincipal and the user's password as shown.
            // If failure, throw an exception of your choosing.
            // "principal" and "password" stand for the values looked up for token.Username.
            token.Principal = principal;
            return password;
        }
    }
Reading credentials on the server:
    IPrincipal principal = RequestSoapContext.Current.IdentityToken.Principal;