I have web service asp.Net and i want only o开发者_如何学Pythonne specific web application uses it, but I can't do this .
can any one tell me how i can solve this problem .
If you know the IP address of the only computer that is allowed to use your webservice, you can check for it and either return a 404 or an exception if it isn't.
Authentication solution
You can protect your methods by using the password as the argument in each of them, or in a better scenario use traditional forms authentication to authorize user (in this case your application) and then check if the user is logged while invoking webmethods.
For example crate authorize method like this:
[WebMethod(EnableSession = true)]
public bool Authorize(login, password)
{
if(login == "admin" && password == "supersecret")
{
FormsAuthentication.SetAuthCookie(login, false);
return true;
}
return false;
}
[WebMethod(EnableSession = true)
public string SomeWebMethod()
{
if(!User.Identity.IsAuthenticated)
throw Exception("User unathenticated");
/* method body */
}
Then you can use your webservice by invoking Authorize
method just once at the start of using it, and then use all methods you like because authentication info is stored in the webservice providing server session.
Do not forget to set EnableSession
to true in all your webmethods.
IP comparing solution
In your webservice put a method
public bool CanExecute()
{
return Context.Request.UserHostAddress == "290.110.11.12" /* put real ip here */
}
then in your webmethods use
[WebMethod(EnableSession = true)
public string SomeWebMethod()
{
if(!CanExecute())
throw Exception("User unathenticated");
/* method body */
}
Hope this helps :)
精彩评论