开发者

Within PreRequestHandlerExecute, determine name of class in .asmx file

Ultimately, i'm trying to obtain a reference to the webmethod that will handle a request, BEFORE it handles the request开发者_高级运维, in order to check its custom attributes.

Currently, I have it working by appending the request path to the project namespace, removing the .asmx extension and replacing slashes with dots. However, this assumes that the class namespace hierarchy matches the request path hierarchy, and there's no reason why it should.

Short of opening the file and parsing it - is there a way that given a request path to an asmx file I can retrieve a reference to either the class type within or the name of the class type within?

Pretty new to .NET so what i'm doing might be silly. But either way, i'd be interested in the answer :)

EDIT: It's not my project, and it's locked in to using ASP.NET 3.5 and asmx webservices

EDIT: The aim is to be able to prevent certain webservices from being executed by unauthenticated users, without adding authentication code to every webmethod. My idea was to use a custom attribute on webmethods marking them as public, and only those will be allowed by a custom HTTP module or handler to be executed by an unauthenticated user. The type of user is stored in the session.


First of all, I will suggest that you switch to WCF web services because asmx is now considered as legacy technologies (see MSDN). WCF has several extension points in its pipe-line that should meet your goals.

Now said that, one of the hack solution could be to put your own handler or handler factory for asmx files and then use WebServiceParser.GetCompiledType method to get actual asmx service type, inspect your attributes. You can then use WebServiceHandlerFactory.GetHandler to create actual handler and execute the request.

Perhaps, you should explain what you want to do with custom attributes so that someone can provide you with the better solution.

EDIT: In case you want to secure the entire asmx or directory then it can be easily possibly using built-in authorization - for example:

<location path="secure.asmx">
 <system.web>
   <authorization>
     <allow users="*" />
     <deny users="?" />
   </authorization>
 </system.web>
</location>

This will allow access to all authenticated users and deny to anonymous users.

If you want a granular control at web method level then I will suggest to put the entire logic in a helper method - say EnforceSecurity (static method or instance method on base web service call for asmx) and invoke the helper method in relevant web methods. Its more or less equivalent from what you wish to do - instead of decorating methods with custom attribute, you will insert a method call into it.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜