asmx-web-service-basic-authentication

http://stackoverflow.com/questions/10861568/asmx-web-service-basic-authentication

//-----------------------------------------------------

public class BasicAuthHttpModule:IHttpModule
{
   
voidIHttpModule.Init(HttpApplication context)
   
{
        context
.AuthenticateRequest+=newEventHandler(OnAuthenticateRequest);
   
}

   
voidOnAuthenticateRequest(object sender,EventArgs e)
   
{
       
string header =HttpContext.Current.Request.Headers["Authorization"];

       
if(header !=null&& header.StartsWith("Basic"))  //if has header
       
{
           
string encodedUserPass = header.Substring(6).Trim();  //remove the "Basic"
           
Encoding encoding =Encoding.GetEncoding("iso-8859-1");
           
string userPass = encoding.GetString(Convert.FromBase64String(encodedUserPass));
           
string[] credentials = userPass.Split(':');
           
string username = credentials[0];
           
string password = credentials[1];

           
if(!MyUserValidator.Validate(username, password))
           
{
               
HttpContext.Current.Response.StatusCode=401;
               
HttpContext.Current.Response.End();
           
}
       
}
       
else
       
{
           
//send request header for the 1st round
           
HttpContext context =HttpContext.Current;
            context
.Response.StatusCode=401;
            context
.Response.AddHeader("WWW-Authenticate",String.Format("Basic realm=\"{0}\"",string.Empty));
       
}
   
}

   
voidIHttpModule.Dispose()
   
{
   
}
}

staticvoidMain(string[] args)
{
   
var proxy =newService1.Service1()
                   
{
                       
Credentials=newNetworkCredential("user1","p@ssw0rd"),
                       
PreAuthenticate=true
                   
};
   
try
   
{
       
var result = proxy.HelloWorld();
       
Console.WriteLine(result);
   
}
   
catch(Exception e)
   
{
       
Console.WriteLine(e.Message);
   
}
   
Console.ReadKey();
}

The fiddler results:

POST http://www.mywebsite.com/Service1.asmx HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.4927)

VsDebuggerCausalityData: uIDPo+drc57U77xGu/ZaOdYvw6IAAAAA8AjKQNpkV06FEWDEs2Oja2C+h3kM7dlDvnFfE1VlIIIACQAA

Content-Type: text/xml; charset=utf-8

SOAPAction: "http://www.mywebsite.com/HelloWorld"

Host: www.mywebsite.com

Content-Length: 291

Expect: 100-continue

Connection: Keep-Alive



<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 



xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><HelloWorld xmlns="http://www.mywebsite.com/" /></soap:Body></soap:Envelope>

HTTP/1.1 401 Unauthorized

Cache-Control: private

Content-Type: text/html

Server: Microsoft-IIS/7.5

WWW-Authenticate: Basic realm=""

X-AspNet-Version: 4.0.30319

WWW-Authenticate: Basic realm="www.mywebsite.com"

X-Powered-By: ASP.NET

Date: Sun, 03 Jun 2012 07:14:40 GMT

Content-Length: 1293

------------------------------------------------------------------



POST http://www.mywebsite.com/Service1.asmx HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.4927)

VsDebuggerCausalityData: uIDPo+drc57U77xGu/ZaOdYvw6IAAAAA8AjKQNpkV06FEWDEs2Oja2C+h3kM7dlDvnFfE1VlIIIACQAA

Content-Type: text/xml; charset=utf-8

SOAPAction: "http://www.mywebsite.com/HelloWorld"

Authorization: Basic dXNlcjE6cEBzc3cwcmQ=

Host: www.mywebsite.com

Content-Length: 291

Expect: 100-continue



<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 



xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><HelloWorld xmlns="http://www.mywebsite.com/" /></soap:Body></soap:Envelope>

HTTP/1.1 401 Unauthorized

Content-Type: text/html

Server: Microsoft-IIS/7.5

WWW-Authenticate: Basic realm="www.mywebsite.com"

X-Powered-By: ASP.NET

Date: Sun, 03 Jun 2012 07:14:41 GMT

Content-Length: 1293

 

 

//---------------------------------------------------------------

publicclassBasicAuthHttpModule:IHttpModule
{
   
publicvoidDispose()
   
{
   
}

   
public void Init(HttpApplication application)
   
{ application.AuthenticateRequest+=new
           
EventHandler(this.OnAuthenticateRequest);
        application
.EndRequest+=new
           
EventHandler(this.OnEndRequest);
   
}

   
public void OnAuthenticateRequest(object source,EventArgs
                        eventArgs
)
   
{
       
HttpApplication app =(HttpApplication)source;

       
string authHeader = app.Request.Headers["Authorization"];
       
if(!string.IsNullOrEmpty(authHeader))
       
{
           
string authStr = app.Request.Headers["Authorization"];

           
if(authStr ==null|| authStr.Length==0)
           
{
               
return;
           
}

            authStr
= authStr.Trim();
           
if(authStr.IndexOf("Basic",0)!=0)
           
{
               
return;
           
}

            authStr
= authStr.Trim();

           
string encodedCredentials = authStr.Substring(6);

           
byte[] decodedBytes =
           
Convert.FromBase64String(encodedCredentials);
           
string s =newASCIIEncoding().GetString(decodedBytes);

           
string[] userPass = s.Split(newchar[]{':'});
           
string username = userPass[0];
           
string password = userPass[1];

           
if(!MyUserValidator.Validate(username, password))
           
{
               
DenyAccess(app);
               
return;
           
}
       
}
       
else
       
{
            app
.Response.StatusCode=401;
            app
.Response.End();
       
}
   
}
   
publicv oid OnEndRequest(object source,EventArgs eventArgs)
   
{
       
if(HttpContext.Current.Response.StatusCode==401)
       
{
           
HttpContext context =HttpContext.Current;
            context
.Response.StatusCode=401;
            context
.Response.AddHeader("WWW-Authenticate","Basic Realm");
       
}
   
}

   
private void DenyAccess(HttpApplication app)
   
{
        app
.Response.StatusCode=401;
        app
.Response.StatusDescription="Access Denied";
        app
.Response.Write("401 Access Denied");
        app
.CompleteRequest();
   
}
}

//--------------------------------------------------------

 string url = "http://rasnote/wconnect/admin/wc.wc?_maintain~ShowStatus";
    HttpWebRequest req = HttpWebRequest.Create(url) as HttpWebRequest;

    string user = "ricks";
    string pwd = "secret";
    string domain = "www.west-wind.com";

    string auth = "Basic " + Convert.ToBase64String(System.Text.Encoding.Default.GetBytes(user + ":" + pwd));
    req.PreAuthenticate = true;
    req.Headers.Add("Authorization", auth);
    req.UserAgent = ": Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 4.0.20506)";
    WebResponse resp = req.GetResponse();
    resp.Close();

//-----------------------------------------------------

你可能感兴趣的:(Authentication)