Correct way to authorize an ASMX .NET web service from MVC 4 Project

后端 未结 4 2170
萌比男神i
萌比男神i 2021-02-14 00:59

I have an ASP.NET MVC application that has a .asmx web service

I wrote an action filter attribute that I wanted to use on web methods on the web service, to che

4条回答
  •  北荒
    北荒 (楼主)
    2021-02-14 01:04

    In answer to your first question, MVC filters and Web API filters cannot be triggered by ASMX web services.

    1. Action Filters are part of the MVC pipeline, triggered before (or after) an Action Method on a Controller (or API Controller) is executed. They can only be used within the MVC framework.

      Action Filter override a virtual method on a MVC Controller (OnActionExecuting). As only MVC Controllers have such methods, and only the MVC pipeline checks for them

    2. To make matters worse, ASMX services, by default, use SOAP protocol rather than HTTP protocol. SOAP services are not able to access HTTP contexts (e.g. HttpContext.Current.User) or HTTP Frameworks.

      Web services can be configured to use the HTTP protocol. But, even then, MVC specific attributes are of no help to you.


    Ways to Authenticate legacy ASMX services

    • Ideal way is to add a Service Reference to your MVC 4 project, calling your ASMX method like any class library method from an [Authorize] secured Action Method or Web API method.

      This way, you can leverage your MVC or Web API Authentication filters.

    • If you prefer to secure your ASMX service directly, you can check to HttpContext.Current.User with Forms Authentication by configuring your ASMX service to use HTTP protocol.

    in your web.config

    
      
        
          
            
            
          
        
      
     
    

提交回复
热议问题