Authenticating a web service used to transfer files?

Time: 2012-01-16 16:37:51

Tags: c# web-services

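I have a web service that transfers files, and I want to verify that the transfer source has access. I authenticate all my clients by the user SID pulled from AD, which is then encrypted and stored in a database. The problem I am running into is that the client transferring the file calls the service once every 49152 bytes. So basically I don't want it to make a DB call every time a new byte array comes in. Any ideas on how I can have it call the DB once to verify the encrypted SID, and then trust it until the transfer is done?

Here is my code: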

    public class TransferFile : System.Web.Services.WebService
    {
        int Authenticated = 0;
        [WebMethod]
        public void WriteBinaryFile(string userSID, byte[] buffer, string FileName)
        {

            string ConnectionString = null;
            string DBServer = null;
            string AuthenticationMethod = null;
            string DB_U = null;
            string DB_P = null;
            string DBName = null;
            try
            {
                XmlReader xmlReader = XmlReader.Create(@"C:\Program Files\SM\SM_DB_Config.xml");
                while (xmlReader.Read())
                {
                    if ((xmlReader.NodeType == XmlNodeType.Element) && (xmlReader.Name == "DB_Server"))
                    {
                        string strUsername = null;
                        strUsername = xmlReader.ReadInnerXml().ToString();
                        if (strUsername.ToString() == "")
                        {
                        }
                        else
                        {
                            DBServer = SpartaCrypto.SpartaDecryptAES(strUsername, "secretcode");
                        }
                    }
                    if ((xmlReader.NodeType == XmlNodeType.Element) && (xmlReader.Name == "DB_Name"))
                    {
                        string strUsername = null;
                        strUsername = xmlReader.ReadInnerXml().ToString();
                        if (strUsername.ToString() == "")
                        {
                        }
                        else
                        {
                            DBName = SpartaCrypto.SpartaDecryptAES(strUsername, "secretcode");
                        }
                    }
                    if ((xmlReader.NodeType == XmlNodeType.Element) && (xmlReader.Name == "DB_AuthenticationMethod"))
                    {
                        string strUsername = null;
                        strUsername = xmlReader.ReadInnerXml().ToString();
                        if (strUsername.ToString() == "")
                        {
                        }
                        else
                        {
                            AuthenticationMethod = SpartaCrypto.SpartaDecryptAES(strUsername, "secretcode");
                        }
                    }
                    if ((xmlReader.NodeType == XmlNodeType.Element) && (xmlReader.Name == "DB_U"))
                    {
                        string strUsername = null;
                        strUsername = xmlReader.ReadInnerXml().ToString();
                        if (strUsername.ToString() == "")
                        {
                        }
                        else
                        {
                            DB_U = SpartaCrypto.SpartaDecryptAES(strUsername, "secretcode");
                        }
                    }
                    if ((xmlReader.NodeType == XmlNodeType.Element) && (xmlReader.Name == "DB_P"))
                    {
                        string strUsername = null;
                        strUsername = xmlReader.ReadInnerXml().ToString();
                        if (strUsername.ToString() == "")
                        {
                        }
                        else
                        {
                            DB_P = SpartaCrypto.SpartaDecryptAES(strUsername, "secretcode");
                        }
                    }

                }
                xmlReader.Close();
                if (AuthenticationMethod == "Integrated")
                {
                    ConnectionString = "Data Source=" + DBServer + ";Provider=SQLOLEDB;Initial Catalog=" + DBName + ";Integrated Security=SSPI;";
                }
                else
                {
                    ConnectionString = "Data Source=" + DBServer + ";Provider=SQLOLEDB;Initial Catalog=" + DBName + ";User ID=" + DB_U + ";Password=" + DB_P;
                }
                String query = "SELECT COUNT(AD_SID) As ReturnCount FROM AD_Authorization WHERE AD_SID = ?";
                OleDbConnection conn = new OleDbConnection(ConnectionString);

                OleDbCommand cmd = new OleDbCommand(query, conn);

                cmd.Parameters.AddWithValue("userSID", userSID.ToString());
                conn.Open();
                int returnCount = (Int32)cmd.ExecuteScalar();
                conn.Close();
                if (returnCount >= 1)
                {
                    Authenticated = 1;

                }
                else
                {
                    Authenticated = 0;
                }
            }
            catch (Exception ex)
            {

            }

            if (Authenticated == 1)
            {
                string PathName = @"C:\Test\";


                using (FileStream fs = new FileStream(PathName + FileName, FileMode.OpenOrCreate, FileAccess.Write, FileShare.ReadWrite))
                {
                    fs.Seek(0, SeekOrigin.End);
                    fs.Write(buffer, 0, buffer.Length);
                }
            }
        }
    }

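2 answers:

Answer 0: (score: 0)

If your only concern is hitting the database frequently, I suggest you cache the SID as authenticated in the web service. Whenever you receive a request, check whether the value exists in the cache, and hit the database if it does not. You should also set an optimal expiration time.

You can use HttpRuntime.Cache for this purpose.

Code to set the value in the cache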
HttpRuntime.Cache.Insert(userSID, 1, null, System.Web.Caching.Cache.NoAbsoluteExpiration, new TimeSpan(0, 5, 0))

Code to get the value from the cache

HttpRuntime.Cache.Get(userSID)

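Answer 1: (score: 0)

Maybe you can save the first result in the ASP.NET cache. See http://msdn.microsoft.com/en-us/library/aa480499.aspx

You can save objects (such as the authentication variable) in the cache like this: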

var Authenticated = ... (the value that you already have)

HttpContext.Current.Cache.Insert(
                    "myAuthenticatedCacheKey",
                    Authenticated,
                    null, DateTime.Now.AddMinutes(10), // 10 minutes expiration
                    System.Web.Caching.Cache.NoSlidingExpiration
                    );

You can retrieve them like this:

var Authenticated = HttpContext.Current.Cache.Get("myAuthenticatedCacheKey");

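Another approach could be to use the Application object (the same as the Session object, but with application scope and shared across all sessions). You can store and retrieve objects from the Application scope like this: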

Application["myAuthenticatedSessionKey"] = Authenticated;
...
var Authenticated = Application["myAuthenticatedSessionKey"];

Note that a cast is required when retrieving objects from the Cache or Application object.
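
The caching approach from both answers, written as an added example that is not part of either answer or of the asker's code: the authorization result is cached per SID, so one client's successful check never applies to a different caller, and it expires on an absolute deadline. The class name, key prefix and the `lookupInDatabase` delegate (standing in for the `COUNT(AD_SID)` query in the question) are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Caching;

// Added example: caches the authorization decision per SID so the database
// is queried once per SID per expiry window, not once per 49152-byte chunk.
public static class SidAuthorizationCache
{
    // Hypothetical key prefix; keeps these entries apart from other cache users.
    private const string KeyPrefix = "TransferFile.AuthorizedSid:";

    // Absolute expiry: a SID removed from AD_Authorization stops being
    // trusted after at most this long, even during a continuous transfer.
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(5);

    // lookupInDatabase is an assumed delegate wrapping the question's query;
    // it returns true when the SID has at least one row in AD_Authorization.
    public static bool IsAuthorized(string userSID, Func<string, bool> lookupInDatabase)
    {
        if (string.IsNullOrEmpty(userSID))
            return false;

        // The key includes the SID, so each caller is checked on its own.
        string key = KeyPrefix + userSID;
        if (HttpRuntime.Cache.Get(key) != null)
            return true;

        // Failures are not cached, so a newly granted SID works immediately.
        if (!lookupInDatabase(userSID))
            return false;

        HttpRuntime.Cache.Insert(key, true, null,
            DateTime.UtcNow.Add(Lifetime), Cache.NoSlidingExpiration);
        return true;
    }
}
```

`WriteBinaryFile` would call `SidAuthorizationCache.IsAuthorized(userSID, ...)` at the top of each chunk and return without writing when it yields false.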