[英]ASP.NET web service using forms authentication from a windows app
I have an ASP.NET web service that I can access via a windows program but now I want to secure the web service. 我有一个可以通过Windows程序访问的ASP.NET Web服务,但是现在我想保护Web服务的安全。 I can secure the web service using forms authentication.
我可以使用表单身份验证来保护Web服务。 How do you access the secured web service from a windows forms application?
如何从Windows窗体应用程序访问受保护的Web服务?
Although this is not the right approach, tt is theoretically possible to use forms authentication in the manner you describe. 尽管这不是正确的方法,但是从理论上讲,tt可以按照您描述的方式使用表单身份验证。 This could be accomplished by either:
这可以通过以下任一方法来完成:
As you can see, these methods are highly complex, and are fundamentally a hack to use forms-authentication where it was never intended. 如您所见,这些方法非常复杂,从根本上来说,是使用表单身份验证的一种黑客手段,而从没有使用过。
Microsoft intended us to use either Windows authentication, or SSL certs to secure access to ASP.NET web services. Microsoft打算让我们使用Windows身份验证或SSL证书来保护对ASP.NET Web服务的访问。 See HTTP Security and ASP.NET Web Services on MSDN.
请参阅MSDN上的HTTP安全性和ASP.NET Web服务 。
If you are able to use WCF, then a few more options present themselves, including the ability to build a custom authentication mechanism into the SOAP, with some support from WCF. 如果您能够使用WCF,那么还会出现一些其他选择,包括在WCF的支持下将自定义身份验证机制构建到SOAP中的能力。
For the most part, securing web services is one of the trickiest parts of the job. 在大多数情况下,保护Web服务是工作中最棘手的部分之一。 Many live solutions which I have seen are compromises such as the ones above.
我看到的许多实时解决方案都是上述折衷方案。
It seems the answer is no. 看来答案是否定的。 Forms authentication is a cookie-based mechanism, and your WinForms app won't be able to hold and relay the cookies (without some serious workarounds, if at all).
表单身份验证是一种基于cookie的机制,您的WinForms应用将无法保存和中继cookie(如果没有,请采取一些严肃的解决方法)。
A potential workaround that I wrote up when researching your question attempted to use a NetworkCredential
object, but that didn't work. 当研究您的问题时,我写了一个潜在的解决方法,尝试使用
NetworkCredential
对象,但是没有用。 Also tried was the ClientCredentials
in .NET 4.0. 还尝试了.NET 4.0中的
ClientCredentials
。
var ss = new MySecureWebService.MyServiceSoapClient();
ss.ClientCredentials.UserName.UserName = "abc";
ss.ClientCredentials.UserName.Password = "123";
string asmxReturn = ss.HelloWorld(); //exception returned here
The console app was still presented with the login html page when calling the webmethod. 调用Web方法时,控制台应用程序仍显示有登录html页面。
Other Suggestions 其他建议
I understand that your goal is to reuse the app that's deployed, but the next best thing would be to use the same logic/implementation via .dll reference. 我了解您的目标是重用已部署的应用程序,但下一个最好的方法是通过.dll引用使用相同的逻辑/实现。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.