Web service security attributes

Asked

Viewed 271 times

3

You can use the AuthorizeAttribute in asmx, Soap or Rest? webservice and custom attributes, such as the below (example only)?

[System.AttributeUsage(System.AttributeTargets.Class |
                       System.AttributeTargets.Struct)
]
public class Author : System.Attribute
{
    private string name;
    public double version;

    public Author(string name)
    {
        this.name = name;
        version = 1.0;
    }
}

1 answer

3


For Web Services, the correct is define an HTTP module that handles SOAP headers.

Next, we need to define a web method that does this header handling, then yes using the already known attributes.

A priori is for both ASMX and WCF.

Below an example of use with a RoleProvider (teaching to be implemented here):

public class SecureWebService : WebService{
  public Authentication authentication;

  [WebMethod]
  [SoapHeader("authentication")]
  public string UsuarioValido() {
    if (User.IsInRole("Cliente"))
      return "Usuário é um cliente";

    if (User.Identity.IsAuthenticated)
      return "Usuário validado";

    return "Não autenticado";
  }
}

Browser other questions tagged

You are not signed in. Login or sign up in order to post.