How to use WS-Security and access the UsernameToken from an ASMX web service?

Posted on 2024-08-14 04:14:23

Okay, so we have a legacy ASMX web service that is currently running in .NET 3.5 and we're using Visual Studio 2008.

The problem is, we need to add authentication and would like to take advantage of the WS-Security model without breaking any existing internal clients who don't need to authenticate currently.

We've thought about adding custom headers, but that's not very WS-Security-ish. Also upgrading to WCF, while a long term goal, is not viable in the short-term.

Is there a way to access the UsernameToken (provided it's passed by the client) indirectly in the soap header of a VS2008 ASMX web service?


Comments (1)

吲‖鸣 2024-08-21 04:14:23

You could try Web Services Enhancements (WSE) 3.0. This adds support for an old version of WS-Security (the 2004 version I think - WCF supports the 2005 and 2007 versions). It sits on top of ASMX without disturbing it, and does still work in .NET 3.5 / WS2008.

Now for the downsides:

  • VS2008 does not support adding or updating WSE-enabled web references in client code. It will happily create the normal ASMX proxy class, but not the extra WSE proxy class that is required for authentication. Any existing WSE proxy code you have does compile OK, but will be deleted if you try to update the web reference in the IDE. If you possess a copy of VS2005, you could use it to maintain or at least create the web reference on the client side.
  • AFAIK, the WSE implementation of WS-Security is not 100% forward-compatible with the WCF implementations. You will need to do some compatibility testing of your own with WCF to make sure.

Example

Specifying credentials on the client:

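// Requires: using Microsoft.Web.Services3; using Microsoft.Web.Services3.Security.Tokens;
void SetUsernameCredential(WebServicesClientProtocol service, string userName, string password) {
    // SendHashed puts a password digest in the token instead of the clear-text password.
    UsernameToken token = new UsernameToken(userName, password, PasswordOption.SendHashed);
    service.SetClientCredential(token);
}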

Authenticating credentials on the server:

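// Requires: using System.Security.Principal; using Microsoft.Web.Services3.Security.Tokens;
public class MyUsernameTokenManager : UsernameTokenManager {
    protected override string AuthenticateToken(UsernameToken token) {
        // Authenticate here.
        // If success, return an authenticated IPrincipal and the user's password as shown.
        // If failure, throw an exception of your choosing.
        // 'principal' and 'password' stand for values looked up for token.Username.
        token.Principal = principal;
        return password;
    }
}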

Reading credentials on the server:

IPrincipal principal = RequestSoapContext.Current.IdentityToken.Principal;
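
Added example, not part of the original answer and not WSE's own code: with PasswordOption.SendHashed the token carries the digest that the WS-Security UsernameToken Profile defines as Base64(SHA-1(nonce + created + password)), so the server needs the stored clear-text password to recompute it, which is why AuthenticateToken returns the password. The class and method names, the five-minute freshness window and the sample values are assumptions made for this example.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

static class UsernameTokenDigest   // hypothetical name, not a WSE type
{
    // Digest over the decoded wsse:Nonce bytes, then wsu:Created, then the password.
    public static string Compute(string nonceBase64, string created, string password)
    {
        byte[] nonce = Convert.FromBase64String(nonceBase64);
        byte[] tail = Encoding.UTF8.GetBytes(created + password);
        byte[] input = new byte[nonce.Length + tail.Length];
        Buffer.BlockCopy(nonce, 0, input, 0, nonce.Length);
        Buffer.BlockCopy(tail, 0, input, nonce.Length, tail.Length);
        using (SHA1 sha1 = SHA1.Create())
            return Convert.ToBase64String(sha1.ComputeHash(input));
    }
    // Rejects stale or malformed tokens, then compares with no early exit (no nonce replay cache here).
    public static bool Verify(string digest, string nonceBase64, string created,
                              string storedPassword, TimeSpan maxAge, DateTime utcNow)
    {
        if (digest == null || nonceBase64 == null) return false;
        DateTime createdUtc;
        if (!DateTime.TryParse(created, CultureInfo.InvariantCulture,
                DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal,
                out createdUtc) || (utcNow - createdUtc).Duration() > maxAge)
            return false;
        byte[] expected, received;
        try {
            expected = Convert.FromBase64String(Compute(nonceBase64, created, storedPassword));
            received = Convert.FromBase64String(digest);
        } catch (FormatException) { return false; }
        int diff = expected.Length ^ received.Length;
        for (int i = 0; i < expected.Length && i < received.Length; i++)
            diff |= expected[i] ^ received[i];
        return diff == 0;
    }
    static void Main()
    {
        // Constructed sample values, not taken from a real exchange.
        string nonce = Convert.ToBase64String(new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 });
        DateTime now = DateTime.UtcNow;
        string created = now.ToString("yyyy-MM-dd'T'HH:mm:ss'Z'", CultureInfo.InvariantCulture);
        string sent = Compute(nonce, created, "example-password");
        Console.WriteLine(Verify(sent, nonce, created, "example-password", TimeSpan.FromMinutes(5), now));
        Console.WriteLine(Verify(sent, nonce, created, "wrong-password", TimeSpan.FromMinutes(5), now));
    }
}
```

Because the digest is recomputed from the password itself, a user store that keeps only salted one-way hashes cannot validate hashed tokens.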