Several question about design/develop Web Service in .NET
問題
解答
-
If in your case, then security should be implemented by yourself, e.g.:
1. The most simple one is to use IIS/application setting to use Integrated Windows Authentication but it may not be compatible to some client application
2. You can utilitze the SoapHeader class (http://msdn.microsoft.com/en-us/library/system.web.services.protocols.soapheader.aspx) to submit custom information (e.g. username/password) to the Web Services in the SOAP header. However, you should aware of the data security during transportation. Hence, you may need to enable SSL or implement a custom encryption logic in your code.
3. For IP range filtering, you may config it in IIS level or implement custom logic to check client's IP address before execuing any of your business logic.
When using VS.NET or the wsdl command to generate the Web Services proxy class for you, it must be implemented in class since it needs to have inheritance from a standard base class no matter you use struct/class at service provider side. In addition, please note that when using Web Services, service consumer and service provider are loosely couple to each other. That means you only need to know the data structure provided but you don't need to care about what technology used at the service provider side. You feel confuse is because the service provider and the service consumer are both implemented by you (or your team), that makes you know everything in the low level implementation. Try to forget about the details at the services provider side when you implement the service consumer and I think you can make that clear.
It's ok for adding me at your MSN and you can find my MSN account in the email section of my profile here.
所有回覆
-
If in your case, then security should be implemented by yourself, e.g.:
1. The most simple one is to use IIS/application setting to use Integrated Windows Authentication but it may not be compatible to some client application
2. You can utilitze the SoapHeader class (http://msdn.microsoft.com/en-us/library/system.web.services.protocols.soapheader.aspx) to submit custom information (e.g. username/password) to the Web Services in the SOAP header. However, you should aware of the data security during transportation. Hence, you may need to enable SSL or implement a custom encryption logic in your code.
3. For IP range filtering, you may config it in IIS level or implement custom logic to check client's IP address before execuing any of your business logic.
When using VS.NET or the wsdl command to generate the Web Services proxy class for you, it must be implemented in class since it needs to have inheritance from a standard base class no matter you use struct/class at service provider side. In addition, please note that when using Web Services, service consumer and service provider are loosely couple to each other. That means you only need to know the data structure provided but you don't need to care about what technology used at the service provider side. You feel confuse is because the service provider and the service consumer are both implemented by you (or your team), that makes you know everything in the low level implementation. Try to forget about the details at the services provider side when you implement the service consumer and I think you can make that clear.
It's ok for adding me at your MSN and you can find my MSN account in the email section of my profile here.
