H
Holly Li
Hi,
I am following the example in .net's help doc--"Securing
XML Web Services Created Using ASP.NET"
I have copied all the code from the example but couldn't
make it to work. The problem is that inside the method:
private void OnAuthenticate(WebServiceAuthenticationEvent
e)
{
if (_eventHandler == null)
return;
_eventHandler(this, e);
if (e.User != null)
e.Context.User = e.Principal;
}
}
_eventHandler is always null. So the method returns from
there. I am not sure what I did is wrong. Could someone
help? Thank you.
Followings are code:
1)HttpModele
using System;
using System.Web;
using System.IO;
using System.Xml;
using System.Xml.XPath;
using System.Text;
using System.Web.Services.Protocols;
namespace Security
{
public delegate void
WebServiceAuthenticationEventHandler(Object sender,
WebServiceAuthenticationEvent e);
public class WebServiceAuthenticationModule :
IHttpModule
{
private
WebServiceAuthenticationEventHandler
_eventHandler = null;
public event
WebServiceAuthenticationEventHandler Authenticate
{
add { _eventHandler += value;}
remove {_eventHandler -= value;}
}
public void Dispose()
{
}
public void Init(HttpApplication app)
{
app.AuthenticateRequest += new
EventHandler
(this.OnEnter);
}
private void OnAuthenticate
(WebServiceAuthenticationEvent e)
{
if (_eventHandler == null)
return;
_eventHandler(this, e);
if (e.User != null)
e.Context.User =
e.Principal;
}
public string ModuleName
{
get{
return "WebServiceAuthentication"; }
}
void OnEnter(Object source, EventArgs
eventArgs)
{
HttpApplication app =
(HttpApplication)source;
HttpContext context = app.Context;
Stream HttpStream =
context.Request.InputStream;
// Save the current position of
stream.
long posStream =
HttpStream.Position;
// If the request contains an
HTTP_SOAPACTION
// header, look at this message.
if
(context.Request.ServerVariables["HTTP_SOAPACTION"]
== null)
return;
// Load the body of the HTTP
message
// into an XML document.
XmlDocument dom = new XmlDocument
();
string soapUser;
string soapPassword;
try
{
dom.Load(HttpStream);
// Reset the stream
position.
HttpStream.Position =
posStream;
// Bind to the
Authentication header.
soapUser =
dom.GetElementsByTagName("User").Item
(0).InnerText;
soapPassword =
dom.GetElementsByTagName("Password").Item
(0).InnerText;
}
catch (Exception e)
{
// Reset the position of
stream.
HttpStream.Position =
posStream;
// Throw a SOAP exception.
XmlQualifiedName name =
new
XmlQualifiedName
("Load");
SoapException
soapException = new SoapException(
"Unable to read
SOAP request", name, e);
throw soapException;
}
// Raise the custom global.asax
event.
OnAuthenticate(new
WebServiceAuthenticationEvent
(context, soapUser,
soapPassword));
return;
}
}
}
2)the code that is added to global.aspx:
protected void WebServiceAuthentication_OnAuthenticate
(Object sender, WebServiceAuthenticationEvent e)
{
if(e.User=="hello" &&
e.Password=="hellopw")
{
string[] roles={"admin"};
e.Authenticate(roles);
}
}
3)The code added to web.config
<configSections>
<section name="WebServiceAuthentication"
type="Security.WebServiceAuthenticationModule,
WebServiceSample" allowLocation="false" />
</configSections>
Holly
I am following the example in .net's help doc--"Securing
XML Web Services Created Using ASP.NET"
I have copied all the code from the example but couldn't
make it to work. The problem is that inside the method:
private void OnAuthenticate(WebServiceAuthenticationEvent
e)
{
if (_eventHandler == null)
return;
_eventHandler(this, e);
if (e.User != null)
e.Context.User = e.Principal;
}
}
_eventHandler is always null. So the method returns from
there. I am not sure what I did is wrong. Could someone
help? Thank you.
Followings are code:
1)HttpModele
using System;
using System.Web;
using System.IO;
using System.Xml;
using System.Xml.XPath;
using System.Text;
using System.Web.Services.Protocols;
namespace Security
{
public delegate void
WebServiceAuthenticationEventHandler(Object sender,
WebServiceAuthenticationEvent e);
public class WebServiceAuthenticationModule :
IHttpModule
{
private
WebServiceAuthenticationEventHandler
_eventHandler = null;
public event
WebServiceAuthenticationEventHandler Authenticate
{
add { _eventHandler += value;}
remove {_eventHandler -= value;}
}
public void Dispose()
{
}
public void Init(HttpApplication app)
{
app.AuthenticateRequest += new
EventHandler
(this.OnEnter);
}
private void OnAuthenticate
(WebServiceAuthenticationEvent e)
{
if (_eventHandler == null)
return;
_eventHandler(this, e);
if (e.User != null)
e.Context.User =
e.Principal;
}
public string ModuleName
{
get{
return "WebServiceAuthentication"; }
}
void OnEnter(Object source, EventArgs
eventArgs)
{
HttpApplication app =
(HttpApplication)source;
HttpContext context = app.Context;
Stream HttpStream =
context.Request.InputStream;
// Save the current position of
stream.
long posStream =
HttpStream.Position;
// If the request contains an
HTTP_SOAPACTION
// header, look at this message.
if
(context.Request.ServerVariables["HTTP_SOAPACTION"]
== null)
return;
// Load the body of the HTTP
message
// into an XML document.
XmlDocument dom = new XmlDocument
();
string soapUser;
string soapPassword;
try
{
dom.Load(HttpStream);
// Reset the stream
position.
HttpStream.Position =
posStream;
// Bind to the
Authentication header.
soapUser =
dom.GetElementsByTagName("User").Item
(0).InnerText;
soapPassword =
dom.GetElementsByTagName("Password").Item
(0).InnerText;
}
catch (Exception e)
{
// Reset the position of
stream.
HttpStream.Position =
posStream;
// Throw a SOAP exception.
XmlQualifiedName name =
new
XmlQualifiedName
("Load");
SoapException
soapException = new SoapException(
"Unable to read
SOAP request", name, e);
throw soapException;
}
// Raise the custom global.asax
event.
OnAuthenticate(new
WebServiceAuthenticationEvent
(context, soapUser,
soapPassword));
return;
}
}
}
2)the code that is added to global.aspx:
protected void WebServiceAuthentication_OnAuthenticate
(Object sender, WebServiceAuthenticationEvent e)
{
if(e.User=="hello" &&
e.Password=="hellopw")
{
string[] roles={"admin"};
e.Authenticate(roles);
}
}
3)The code added to web.config
<configSections>
<section name="WebServiceAuthentication"
type="Security.WebServiceAuthenticationModule,
WebServiceSample" allowLocation="false" />
</configSections>
Holly