Correct way to authorize an ASMX .NET web service from MVC 4 Project

后端未结

关注

 4  2164

萌比男神i 2021-02-14 00:59

I have an ASP.NET MVC application that has a .asmx web service

I wrote an action filter attribute that I wanted to use on web methods on the web service, to che

4条回答

北荒 (楼主)

2021-02-14 01:04
In answer to your first question, MVC filters and Web API filters cannot be triggered by ASMX web services.
1. Action Filters are part of the MVC pipeline, triggered before (or after) an Action Method on a Controller (or API Controller) is executed. They can only be used within the MVC framework.
  
  Action Filter override a virtual method on a MVC Controller (OnActionExecuting). As only MVC Controllers have such methods, and only the MVC pipeline checks for them
2. To make matters worse, ASMX services, by default, use SOAP protocol rather than HTTP protocol. SOAP services are not able to access HTTP contexts (e.g. HttpContext.Current.User) or HTTP Frameworks.
  
  Web services can be configured to use the HTTP protocol. But, even then, MVC specific attributes are of no help to you.
Ways to Authenticate legacy ASMX services
- Ideal way is to add a Service Reference to your MVC 4 project, calling your ASMX method like any class library method from an [Authorize] secured Action Method or Web API method.
  
  This way, you can leverage your MVC or Web API Authentication filters.
- If you prefer to secure your ASMX service directly, you can check to HttpContext.Current.User with Forms Authentication by configuring your ASMX service to use HTTP protocol.
in your web.config
```
  
    
      
        
        
      
    
  
 
```
0 讨论(0)

查看其它4个回答
发布评论:

提交评论
- 加载中...