Correct way to authorize an ASMX .NET web service from MVC 4 Project

后端 未结 4 2173
萌比男神i
萌比男神i 2021-02-14 00:59

I have an ASP.NET MVC application that has a .asmx web service

I wrote an action filter attribute that I wanted to use on web methods on the web service, to che

4条回答
  •  孤街浪徒
    2021-02-14 01:09

    First part of your Question:

    is using MVC attributes an acceptable way of authorizing web service called on an ASMX web service?

    As per @DaveAlperovich

    MVC filters and Web API filters cannot be triggered by ASMX web services.

    But from this SO answer

    Since ASMX are also server by the ASP.NET pipeline, you could just use HttpModules, which give you a lot of control on the way in and the way out.

    Here's a reference and an example: http://msdn.microsoft.com/en-us/library/aa719858%28VS.71%29.aspx

    If you want to make it very "MVC-like" then you would write a custom http module that check the webservice for attributes such as [Authorize] etc. Since ASP.NET MVC is open source you may just use parts of that as a reference how they check for attributes etc and then build it into your HTTPModule.

    Link to SO Question

    So Still i couldn't find a well Official documented regarding your First question and i still doubt that certain events don't fire for a web service while using the MVC attributes

    Update

    While coming to ASMX (source)

    uses XML Information Set for its message format, and relies on application layer protocols, most notably Hypertext Transfer Protocol (HTTP) or Simple Mail Transfer Protocol (SMTP), for message negotiation and transmission

    From Scott Hanselman Blog the request is by default not handled by the ASP.NET MVC routing mechanism

    Why doesn't ASP.NET MVC grab the request? Two reasons. First, there's an option on RouteCollection called RouteExistingFiles. It's set to false by default which causes ASP.NET MVC to automatically skip routing when a file exists on disk.

    Second Qst:

    is there a better/more efficient way of authorizing web service method calls?

    you may use credentials sent in the SOAP header to authorizing the web service

    Here is an example:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.Services;
    using System.Web.Services.Protocols;
    
    namespace AuthExample
    {
    
        public class Authentication : SoapHeader
        {
            public string User;
            public string Password;
        }
    
        /// 
        /// Summary description for webrusterapi
        /// 
        [WebService(Namespace = "http://xxxx.xxx")]
        [WebServiceBinding(ConformsTo = Profiles.BProfile1)]
        [System.ComponentModel.ToolboxItem(false)]
        public class Webrusterapi: System.Web.Services.WebService
        {
            public Authentication authHeader;
    
            [WebMethod]
            public string HelloWorld()
            {
                return "Hello World";
            }
    
            [WebMethod]
            [SoapHeader("authHeader")]
            public string HelloWorldWithCredentials()
            {
                if (authHeader.User != "Foouser" & authHeader.Password != "barPassword")
                {
                    new SoapException("Fault occurred", SoapException.ClientFaultCode);
                }
                return string.Format("Hello {0}", authHeader.User);
            }
        }
    }
    

提交回复
热议问题