WCF 身份驗證 通過檢查客戶端IP

WCF 身份驗證

功能描述:

服務啟動時,從配置文件讀取所有允許訪問SOA端的IP。每次客戶端調用服務時,取得其IP並與該列表比對,相符才放行。需注意:這是依來源地址做的過濾,並不驗證調用者身份;下文綁定的安全模式為None,IP比對因此是唯一的訪問控制。

以下是獲取客戶端IP的代碼:

 /*************************************************************************************
 * 代碼:吳蔣
 * 時間:2012.02.07
 * 說明:安全類
 * 其他:
 * 修改人:
 * 修改時間:
 * 修改說明:
 ************************************************************************************/
using System.ServiceModel;
using System.ServiceModel.Channels;

namespace Tools
{
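    /// <summary>
    /// Reads the remote endpoint (address and port) that WCF recorded for the
    /// message currently being processed.
    /// </summary>
    /// <remarks>
    /// The values are taken from <see cref="RemoteEndpointMessageProperty"/> on the incoming
    /// message. NOTE(review): this is the peer of the transport connection, so when a proxy,
    /// load balancer or NAT device sits in front of the service the intermediary's address is
    /// presumably what gets reported. An allowlist built on this value filters by network
    /// origin; it does not authenticate the caller.
    /// </remarks>
    public class Safe
    {
        /// <summary>Creates a new helper instance; kept as a factory for existing callers.</summary>
        public static Safe Instance()
        {
            return new Safe();
        }

        /// <summary>Returns the remote address of the current WCF call.</summary>
        /// <exception cref="System.InvalidOperationException">
        /// There is no current operation context, or the message carries no remote endpoint property.
        /// </exception>
        public string ClientIp()
        {
            return CurrentRemoteEndpoint().Address;
        }

        /// <summary>Returns the remote port of the current WCF call as a string.</summary>
        /// <exception cref="System.InvalidOperationException">
        /// There is no current operation context, or the message carries no remote endpoint property.
        /// </exception>
        public string ClientPort()
        {
            return CurrentRemoteEndpoint().Port.ToString();
        }

        /// <summary>Returns the remote address and port of the current WCF call, joined by ";".</summary>
        /// <exception cref="System.InvalidOperationException">
        /// There is no current operation context, or the message carries no remote endpoint property.
        /// </exception>
        public string ClientIpAndPort()
        {
            RemoteEndpointMessageProperty endpoint = CurrentRemoteEndpoint();
            return endpoint.Address + ";" + endpoint.Port.ToString();
        }

        // Single lookup shared by the three accessors. Fails with a descriptive exception
        // instead of a NullReferenceException when called outside a WCF operation or when
        // the remote endpoint property is absent, so an access check built on it cannot
        // continue with an unknown caller address.
        private static RemoteEndpointMessageProperty CurrentRemoteEndpoint()
        {
            OperationContext context = OperationContext.Current;
            if (context == null)
            {
                throw new System.InvalidOperationException(
                    "No current OperationContext; the client endpoint is only available inside a WCF operation.");
            }

            object raw;
            MessageProperties properties = context.IncomingMessageProperties;
            if (!properties.TryGetValue(RemoteEndpointMessageProperty.Name, out raw))
            {
                throw new System.InvalidOperationException(
                    "The incoming message has no remote endpoint property.");
            }

            RemoteEndpointMessageProperty endpoint = raw as RemoteEndpointMessageProperty;
            if (endpoint == null)
            {
                throw new System.InvalidOperationException(
                    "The remote endpoint property has an unexpected type.");
            }

            return endpoint;
        }
    }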
}


XML 存放可訪問IP

<?xml version="1.0" encoding="utf-8" ?>
<!-- Allowlist of caller addresses, one per <ip> element. The service compares the
     caller's address with each value as an exact string, so a caller that arrives
     over IPv6 needs its IPv6 form listed here. -->
<configuration>
  <ip>192.168.0.71</ip>
  <ip>192.168.0.6</ip>
  <!-- Loopback: allows callers on the service host itself. -->
  <ip>127.0.0.1</ip>
  <ip>192.168.0.72</ip>
  <ip>192.168.0.136</ip>
  <ip>192.168.0.3</ip>
</configuration>


 

應用程序啟動時(Application_Start)獲取所有可訪問IP

 // In-memory allowlist of caller addresses; assigned in Application_Start from RunConfig.config.
 // NOTE(review): the field is public, static and writable, so any code in the application can
 // replace the list. In the code shown it is loaded once at start-up only.
 public static DataTable dtRunIp;
        // Base directory for the config files, read from the connectionStrings entry named "configPath".
        public static string MapPath = ConfigurationManager.ConnectionStrings["configPath"].ConnectionString; 
       
        /// <summary>
        /// Application start-up hook: loads the allowed-IP list into <c>dtRunIp</c>.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Application_Start(object sender, EventArgs e)
        {
            // Location of the allowlist file and the XPath selecting every <ip> element in it.
            string allowlistFile = MapPath + "/Config/RunConfig.config";
            string ipNodes = "//configuration/ip";

            dtRunIp = XMLHelper.XmlHelper.Instance().ReadRunIP(allowlistFile, ipNodes);
        }


 

#region 特殊函數
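        /// <summary>
        /// Loads the allowed caller addresses from an XML file into a one-column table.
        /// </summary>
        /// <param name="path">Path of the XML file to load.</param>
        /// <param name="node">XPath expression selecting the address nodes, e.g. <c>//configuration/ip</c>.</param>
        /// <returns>
        /// A <see cref="DataTable"/> with a single string column named <c>ip</c>,
        /// holding one row per non-blank selected node.
        /// </returns>
        public DataTable ReadRunIP(string path, string node)
        {
            XmlDocument doc = new XmlDocument();
            // The allowlist format uses no DTD or external entities, so none are resolved.
            doc.XmlResolver = null;
            doc.Load(path);

            DataTable dt = new DataTable();
            dt.Columns.Add("ip", typeof(string));

            foreach (XmlNode entry in doc.SelectNodes(node))
            {
                // Entries are later compared with the caller's address as exact strings:
                // stray whitespace around a value would silently disable that entry,
                // and a blank element can never match, so trim and skip.
                string address = entry.InnerText.Trim();
                if (address.Length == 0)
                {
                    continue;
                }

                DataRow row = dt.NewRow();
                row["ip"] = address;
                dt.Rows.Add(row);
            }

            return dt;
        }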
        #endregion


判斷IP許可

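/// <summary>
/// Decides whether the caller of the current WCF operation is on the IP allowlist.
/// </summary>
/// <remarks>
/// The decision rests only on the caller's address as reported by
/// <c>Tools.Safe.ClientIp()</c>, compared as an exact string with each row of
/// <c>Global.dtRunIp</c>. This is a filter on network origin, not authentication of
/// the caller, and an address in a different textual form (for example IPv6) does not match.
/// </remarks>
/// <returns>
/// <c>true</c> when the caller's address equals an allowlist entry; <c>false</c> otherwise,
/// including when the address is unavailable or the allowlist has not been loaded.
/// </returns>
public static bool IsCanRead()
{
    string clientIp = Tools.Safe.Instance().ClientIp();

    // Fail closed: with no caller address or no loaded allowlist nothing can match.
    if (string.IsNullOrEmpty(clientIp) || Global.dtRunIp == null)
    {
        return false;
    }

    for (int i = 0; i < Global.dtRunIp.Rows.Count; i++)
    {
        // String == is an ordinal, case-sensitive comparison; stop at the first hit.
        if (clientIp == Global.dtRunIp.Rows[i]["ip"].ToString())
        {
            return true;
        }
    }

    return false;
}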


 

在服務中的應用:

[ServiceContract]
    public class SOAControl
    {
        string msgr = "無訪問權限、服務器積極拒絕";
        //獲取xml文檔
        /// <summary>
        /// Returns the contents of Control.config as a string to callers that pass the IP check.
        /// </summary>
        /// <param name="msg">Set to the refusal text when the caller is not allowed; left untouched otherwise.</param>
        /// <returns>The document text, or <c>null</c> when access is refused.</returns>
        [OperationContract]
        public string GetXML(ref string msg)
        {
            // Guard first: a caller whose address is not on the allowlist gets the
            // refusal message through msg and no document.
            if (!Certificate.IsCanRead())
            {
                msg = msgr;
                return null;
            }

            string controlFile = Global.MapPath + "/Control/Control.config";
            return XmlHelper.Instance().XmlDocumentToString(controlFile);
        }


WCF的配置文件設置

<?xml version="1.0"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <!-- Binding used by the service endpoint below. Message size, buffer pool and
             reader quotas are all raised to 12000000. -->
        <binding name="NoneSecurity"
        maxBufferPoolSize="12000000" maxReceivedMessageSize="12000000" useDefaultWebProxy="false">
          <readerQuotas maxStringContentLength="12000000" maxArrayLength="12000000"/>
          <!-- mode="None" switches off transport and message security for this binding:
               messages are neither encrypted nor signed, and WCF does not authenticate the
               caller. NOTE(review): the IP allowlist check in the service code is then the
               only access control shown; confirm the network path is trusted. -->
          <security mode="None"/>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="Control.Service.SOAControlBehavior">
          <!-- Publishes the service metadata (WSDL) over HTTP GET. Metadata is served by
               WCF itself, not by an operation, so the allowlist check made inside GetXML
               is not on this path. -->
          <serviceMetadata httpGetEnabled="true"/>
          <!-- Exception details are not returned to clients in faults. -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service behaviorConfiguration="Control.Service.SOAControlBehavior" name="Control.Service.SOAControl">
        <!-- Application endpoint: wsHttpBinding with the NoneSecurity configuration above. -->
        <endpoint address="" binding="wsHttpBinding" contract="Control.Service.SOAControl" bindingConfiguration="NoneSecurity">
          <identity>
            <dns value="localhost"/>
          </identity>
        </endpoint>
        <!-- Metadata exchange endpoint; like httpGetEnabled it exposes the contract description. -->
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
      </service>
    </services>
  </system.serviceModel>
</configuration>


注意事項:客戶端以IPv6訪問時,取得的地址是IPv6格式,而比對採用完全相同的字符串匹配;可以直接將該IPv6地址保存到XML文件中,或禁用IPv6。

源碼下載 http://download.csdn.net/detail/wujiang1984/4131313 點擊打開鏈接

