<%@ WebService Class="SecureService" Language="C#" %>
using System;
using System.Web.Services;
using System.Web.Services.Protocols;
using System.Data;
using System.Data.SqlClient;
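/// <summary>
/// SOAP web service that issues session tickets from a username/password
/// login and gates its other methods on a session key carried in a SOAP header.
/// </summary>
/// <remarks>
/// The credentials passed to <see cref="Login"/> and the session key carried in
/// <see cref="AuthenticationHeader"/> travel inside the SOAP message, and nothing
/// in this file enforces transport encryption.
/// NOTE(review): confirm the endpoint is only reachable over HTTPS.
/// </remarks>
[WebService( Namespace="http://yourdomain.com/webservices" )]
public class SecureService : WebService
{
    // Connection string shared by every database call in this service.
    private const string ConnectionString = @"Server=localhost;Integrated Security=SSPI;database=myData";

    // Cache key under which the DataTable of known sessions is stored.
    private const string SessionCacheKey = "SessionKeys";

    // DataTable is only safe for concurrent reads, and Login writes to the cached
    // table while Authenticate queries it, so both go through this lock.
    private static readonly object SessionTableLock = new object();

    /// <summary>SOAP header populated by the runtime for methods that declare it.</summary>
    public AuthHeader AuthenticationHeader;

    /// <summary>
    /// Checks the supplied credentials with the CheckPassword stored procedure and,
    /// when they are accepted, records the new session in the cached session table.
    /// </summary>
    /// <param name="username">Login name, passed to the procedure as a parameter.</param>
    /// <param name="password">Password, passed to the procedure as a parameter.</param>
    /// <returns>
    /// A ticket whose IsAuthenticated flag is false when the credentials are rejected
    /// or missing; otherwise the session key and expiration returned by the procedure.
    /// </returns>
    [WebMethod]
    public ServiceTicket Login(string username, string password)
    {
        ServiceTicket objServiceTicket = new ServiceTicket();
        int intUserID = 0;
        int intRole = 0;

        // Missing credentials can never be valid; answer with an unauthenticated
        // ticket instead of letting the database call fail on an absent parameter.
        if (username == null || password == null)
        {
            objServiceTicket.IsAuthenticated = false;
            return objServiceTicket;
        }

        // using blocks release the connection and command even when the call throws.
        using (SqlConnection conMyData = new SqlConnection( ConnectionString ))
        using (SqlCommand cmdCheckPassword = new SqlCommand( "CheckPassword", conMyData ))
        {
            SqlParameter parmWork;
            cmdCheckPassword.CommandType = CommandType.StoredProcedure;

            // Credentials are bound as parameters, never concatenated into SQL.
            // NOTE(review): the password is handed to the procedure as received; how it
            // is hashed and compared is not visible from this file.
            parmWork = cmdCheckPassword.Parameters.Add( new SqlParameter( "@validuser", SqlDbType.Int ) );
            parmWork.Direction = ParameterDirection.ReturnValue;
            cmdCheckPassword.Parameters.Add( new SqlParameter( "@username", username ) );
            cmdCheckPassword.Parameters.Add( new SqlParameter( "@password", password ) );
            parmWork = cmdCheckPassword.Parameters.Add( new SqlParameter( "@sessionkey", SqlDbType.UniqueIdentifier ) );
            parmWork.Direction = ParameterDirection.Output;
            parmWork = cmdCheckPassword.Parameters.Add( new SqlParameter( "@expiration", SqlDbType.DateTime ) );
            parmWork.Direction = ParameterDirection.Output;
            parmWork = cmdCheckPassword.Parameters.Add( new SqlParameter( "@userID", SqlDbType.Int ) );
            parmWork.Direction = ParameterDirection.Output;
            parmWork = cmdCheckPassword.Parameters.Add( new SqlParameter( "@role", SqlDbType.Int ) );
            parmWork.Direction = ParameterDirection.Output;

            conMyData.Open();
            cmdCheckPassword.ExecuteNonQuery();

            // This code treats a return value of 0 as "credentials accepted".
            if ((int)cmdCheckPassword.Parameters["@validuser"].Value == 0)
            {
                objServiceTicket.IsAuthenticated = true;
                objServiceTicket.SessionKey = cmdCheckPassword.Parameters["@sessionkey"].Value.ToString();
                objServiceTicket.Expiration = (DateTime)cmdCheckPassword.Parameters["@expiration"].Value;
                intUserID = (int)cmdCheckPassword.Parameters["@userID"].Value;
                intRole = (int)cmdCheckPassword.Parameters["@role"].Value;
            }
            else
            {
                objServiceTicket.IsAuthenticated = false;
            }
        }

        // Add session to cache
        if (objServiceTicket.IsAuthenticated)
        {
            DataTable dtblSessions = GetSessionTable();
            lock (SessionTableLock)
            {
                DataRow drowSession = dtblSessions.NewRow();
                drowSession["session_key"] = objServiceTicket.SessionKey;
                drowSession["session_expiration"] = objServiceTicket.Expiration;
                drowSession["session_userID"] = intUserID;
                drowSession["session_username"] = username;
                drowSession["Session_role"] = intRole;
                dtblSessions.Rows.Add( drowSession );
            }
        }

        return objServiceTicket;
    }

    /// <summary>Sample protected method: returns 7 to authenticated callers, 0 otherwise.</summary>
    [WebMethod, SoapHeader( "AuthenticationHeader" )]
    public int GetLuckyNumber()
    {
        return Authenticate( AuthenticationHeader ) ? 7 : 0;
    }

    /// <summary>
    /// Returns the cached session table, loading it when the cache entry is absent.
    /// </summary>
    /// <remarks>
    /// The table is held in a local so that an eviction between the null check and
    /// the later use cannot produce a null reference.
    /// </remarks>
    private DataTable GetSessionTable()
    {
        DataTable dtblSessions = Context.Cache[SessionCacheKey] as DataTable;
        if (dtblSessions == null)
        {
            dtblSessions = LoadSessionKeys();
        }
        return dtblSessions;
    }

    /// <summary>
    /// Fills the session table from the LoadSessionKeys stored procedure and caches
    /// it with an absolute expiration of three hours.
    /// </summary>
    /// <returns>The table that was placed in the cache.</returns>
    private DataTable LoadSessionKeys()
    {
        DataSet dstSessionKeys = new DataSet();

        using (SqlConnection conMyData = new SqlConnection( ConnectionString ))
        using (SqlDataAdapter dadMyData = new SqlDataAdapter( "LoadSessionKeys", conMyData ))
        {
            dadMyData.SelectCommand.CommandType = CommandType.StoredProcedure;
            dadMyData.Fill( dstSessionKeys, "SessionKeys" );
        }

        DataTable dtblSessions = dstSessionKeys.Tables["SessionKeys"];
        Context.Cache.Insert(
            SessionCacheKey,
            dtblSessions,
            null,
            DateTime.Now.AddHours( 3 ),
            TimeSpan.Zero
        );
        return dtblSessions;
    }

    /// <summary>
    /// Decides whether the SOAP header carries a session key that is present in the
    /// cached session table and has not expired.
    /// </summary>
    /// <param name="objAuthenticationHeader">Header supplied by the caller; may be null.</param>
    /// <returns>True only when a matching, unexpired session row exists.</returns>
    private bool Authenticate(AuthHeader objAuthenticationHeader)
    {
        // A request without the header, or without a key, is unauthenticated.
        if (objAuthenticationHeader == null || objAuthenticationHeader.SessionKey == null)
        {
            return false;
        }

        // The header is caller-controlled. Session keys are issued from a
        // uniqueidentifier, so anything that does not parse as a GUID is rejected
        // before it can reach the filter expression below. Embedding the raw string
        // would let a caller alter the expression and match rows without a valid key.
        Guid guidSession;
        try
        {
            guidSession = new Guid( objAuthenticationHeader.SessionKey );
        }
        catch (FormatException)
        {
            return false;
        }
        catch (OverflowException)
        {
            return false;
        }

        // Only the canonical GUID text (hex digits and hyphens) is placed in the
        // filter, and the date literal is written in invariant format because
        // DataTable expressions do not follow the server's current culture.
        string strMatch = "session_key='" + guidSession.ToString() + "'";
        strMatch += " And session_expiration > #"
            + DateTime.Now.ToString( "MM/dd/yyyy HH:mm:ss", System.Globalization.CultureInfo.InvariantCulture )
            + "#";

        DataTable dtblSessions = GetSessionTable();
        DataRow[] arrSessions;
        lock (SessionTableLock)
        {
            arrSessions = dtblSessions.Select( strMatch );
        }
        return arrSessions.Length > 0;
    }
}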
/// <summary>
/// SOAP header through which a caller presents the session key it obtained
/// from SecureService.Login.
/// </summary>
public class AuthHeader : SoapHeader
{
    // Session key as sent by the caller; untrusted until the service has checked it.
    public string SessionKey;
}
/// <summary>
/// Result of a login attempt, returned to the caller by SecureService.Login.
/// </summary>
public class ServiceTicket
{
    // True when the login was accepted; the remaining fields are only set in that case.
    public bool IsAuthenticated;

    // Key the caller sends back in the AuthHeader SOAP header on later calls.
    public string SessionKey;

    // Point in time after which the session key is no longer accepted.
    public DateTime Expiration;
}