Security attributes in web service

3

Can you use AuthorizeAttribute in webservice asmx, soap or rest? And custom attributes, like the one below (example only)?

[System.AttributeUsage(System.AttributeTargets.Class |
                       System.AttributeTargets.Struct)
]
public class Author : System.Attribute
{
    private string name;
    public double version;

    public Author(string name)
    {
        this.name = name;
        version = 1.0;
    }
}
    
asked by anonymous 21.10.2015 / 20:57

1 answer

3

For Web Services, the correct one is to define an HTTP module that handles headers SOAP .

Next, you need to define a web method that does this handling of the header, there using the attributes already known.

A priori serves both ASMX and WCF.

Below is an example use with a RoleProvider ( teaching to implement here ):

public class SecureWebService : WebService{
  public Authentication authentication;

  [WebMethod]
  [SoapHeader("authentication")]
  public string UsuarioValido() {
    if (User.IsInRole("Cliente"))
      return "Usuário é um cliente";

    if (User.Identity.IsAuthenticated)
      return "Usuário validado";

    return "Não autenticado";
  }
}
    
21.10.2015 / 21:02