public sealed class WebServiceAuthenticationModule : IHttpModule
{
public const string CACHEKEY_FORMAT = "AUTHINFO_{0}";
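/// <summary>
/// Initializes the module and subscribes a handler to the application's AuthenticateRequest event.
/// </summary>
/// <param name="httpApp">The application whose AuthenticateRequest event is handled.</param>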
public void Init(HttpApplication httpApp)
{
    // Hook the authentication stage of the pipeline; the method-group conversion
    // creates the same EventHandler delegate as an explicit `new EventHandler(...)`.
    httpApp.AuthenticateRequest += httpApp_AuthenticateRequest;
}
/// <summary>
/// Releases the module.
/// </summary>
public void Dispose()
{
    // Intentionally empty: the module keeps no fields, so there is nothing to release.
}
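/// <summary>
/// Validates that an incoming call to the web service is legitimate.
/// </summary>
/// <param name="sender">The HttpApplication that raised the event.</param>
/// <param name="e">Event data (not used).</param>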
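private void httpApp_AuthenticateRequest(object sender, EventArgs e)
{
    // Pre-authentication gate for SOAP calls. Parses the request body as XML, checks the
    // ValidationKey / ValidationDateTime / ValidationCode triple, and then passes
    // StaffID / StaffPassword / SessionKey to Authenticate(). Any failure inside the
    // try block reaches the client as SoapException("Unable to read SOAP request"),
    // with the original exception attached as the inner exception.
    //
    // NOTE(review): only requests carrying a SOAPAction header are inspected. Confirm that
    // the other ASMX protocols (HttpGet, HttpPost, HttpSoap12) are removed in web.config, or
    // that every web method refuses to run when no staff id was stored in context.Items.
    //
    // NOTE(review): all three validation values come from the request and the timestamp is
    // never compared with the server clock. Unless Crypt (not shown here) mixes in a secret
    // held only by the server, this check is obfuscation rather than proof of origin, and a
    // recorded triple stays valid indefinitely. Real assurance needs a server-side secret,
    // a freshness window, and transport encryption for StaffPassword / SessionKey.
    HttpApplication app = (HttpApplication)sender;
    HttpContext context = app.Context;
    Stream httpStream = context.Request.InputStream;

    // Remember where the stream was so later pipeline stages can still read the body.
    long posStream = httpStream.Position;

    // Requests without a SOAPAction header are not handled by this module.
    if (context.Request.ServerVariables["HTTP_SOAPACTION"] == null)
    {
        return;
    }

    XmlDocument dom = new XmlDocument();

    // The body is untrusted and is parsed before any authentication has happened, so
    // external entities and external DTD subsets must never be resolved. XmlDocument
    // defaults to a URL resolver on .NET Framework versions earlier than 4.5.2.
    // Inline DTDs are still parsed; loading through an XmlReader whose settings
    // prohibit DTDs would additionally reject entity-expansion payloads.
    dom.XmlResolver = null;

    AuthenticationSoapHeader authInfo = null;
    try
    {
        dom.Load(httpStream);

        // Rewind so the SOAP handler sees the full body.
        httpStream.Position = posStream;

        // GetElementsByTagName returns an empty list (never null) when nothing matches.
        XmlNodeList keyNodes = dom.GetElementsByTagName("ValidationKey");
        XmlNodeList timeNodes = dom.GetElementsByTagName("ValidationDateTime");
        XmlNodeList codeNodes = dom.GetElementsByTagName("ValidationCode");

        string validationKey = null;
        string validationCode = null;
        DateTime validationDT = DateTime.MaxValue;

        // Reject explicitly when any element of the triple is missing. Previously a missing
        // element was only caught indirectly, by a NullReferenceException further down.
        bool rejected = keyNodes.Count == 0 || timeNodes.Count == 0 || codeNodes.Count == 0;
        if (!rejected)
        {
            validationKey = keyNodes.Item(0).InnerText;
            validationCode = codeNodes.Item(0).InnerText;

            // NOTE(review): TryParse and the "/" in the format string below both depend on
            // the server's current culture; confirm client and server agree on it.
            rejected = !DateTime.TryParse(timeNodes.Item(0).InnerText, out validationDT);
        }

        if (rejected)
        {
            throw new SoapException("本Webservice只允许客户端进行调用,不允许远程直接调用。",
                new XmlQualifiedName("httpApp_AuthenticateRequest"));
        }

        string key = Crypt.DecryptDES(validationKey, validationDT.ToString("yyyy/MM/dd HH:mm:ss.fffffff"));

        // The digest used for the expected code is selected by the seconds field of the timestamp.
        string code;
        if (validationDT.Second < 30)
        {
            code = Crypt.GetMD5String(key);
        }
        else if (validationDT.Second < 40)
        {
            code = Crypt.GetSHA1String(key);
        }
        else
        {
            code = Crypt.GetSHA256String(key);
        }

        if (!string.Equals(validationCode, code, StringComparison.Ordinal))
        {
            throw new SoapException("本Webservice只允许客户端进行调用,不允许远程直接调用。",
                new XmlQualifiedName("httpApp_AuthenticateRequest"));
        }

        // A message containing an "Authenticate" element skips the credential check
        // (presumably the login operation itself; confirm).
        // NOTE(review): this lookup matches an element with that name anywhere in the
        // envelope, not only the operation element that gets dispatched. The exemption
        // should be decided from the operation actually being invoked.
        XmlNodeList loginNodes = dom.GetElementsByTagName("Authenticate");
        if (loginNodes.Count > 0)
        {
            return;
        }

        // Credentials are mandatory for every other call; reject when any is absent.
        XmlNodeList staffIdNodes = dom.GetElementsByTagName("StaffID");
        XmlNodeList passwordNodes = dom.GetElementsByTagName("StaffPassword");
        XmlNodeList sessionKeyNodes = dom.GetElementsByTagName("SessionKey");
        if (staffIdNodes.Count == 0 || passwordNodes.Count == 0 || sessionKeyNodes.Count == 0)
        {
            throw new SoapException("WebService访问的权限不够,请联系系统管理员。",
                new XmlQualifiedName("httpApp_AuthenticateRequest"));
        }

        // Rebuild the authentication header from the values found in the message.
        // Convert.ToInt32 throws on a non-numeric StaffID, which the catch below turns into a SOAP fault.
        authInfo = new AuthenticationSoapHeader();
        authInfo.StaffID = Convert.ToInt32(staffIdNodes.Item(0).InnerText);
        authInfo.StaffPassword = passwordNodes.Item(0).InnerText;
        authInfo.SessionKey = sessionKeyNodes.Item(0).InnerText;
    }
    catch (Exception ex)
    {
        // Restore the stream position, then surface every failure as one generic SOAP fault.
        httpStream.Position = posStream;
        XmlQualifiedName name = new XmlQualifiedName("httpApp_AuthenticateRequest");
        throw new SoapException("Unable to read SOAP request", name, ex);
    }

    // Run the credential check.
    Authenticate(authInfo, context);
}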
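/// <summary>
/// Performs SOAP-header authentication for the web service.
/// </summary>
/// <param name="auth">User information taken from the authentication header.</param>
/// <param name="context">The context of the current request.</param>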
private void Authenticate(AuthenticationSoapHeader auth, HttpContext context)
{
    // Delegates the credential check to dkCRMFunction.AuthenticateSoap, which reports the
    // staff id through its ref argument. On success the id is stored in context.Items
    // under dkCRMWebService.CONTEXTITEMS_STAFFID; on failure a SOAP fault is raised.
    int authenticatedStaffId = -1;
    bool accepted = dongke.dkCRM.WebService.Function.dkCRMFunction.AuthenticateSoap(auth, ref authenticatedStaffId);

    // Authentication failed: stop the request with a fault.
    if (!accepted)
    {
        throw new SoapException("用户认证失败", new XmlQualifiedName("Authenticate"));
    }

    // Authentication succeeded: record the staff id on the request context.
    context.Items[dkCRMWebService.CONTEXTITEMS_STAFFID] = authenticatedStaffId;
}
<%@ WebService Language="C#" CodeBehind="~/App_Code/dkCRMWebService.cs" Class="dkCRMWebService" %>