SoapHeader +vs2008-关于Web服务状态和安全性

因项目中有个功能。及在web服务端验证用户的角色，因为通过session方式传递。可能有安全性的隐患，故采用SoapHeader 方式。

在服务器端的service 方法加上一个继承SoapHeader 的类。

   public class Mysoapheader:System.Web.Services.Protocols.SoapHeader
    {
        public string UserName;
        public string Password;
   
    }

   public class Service1 : System.Web.Services.WebService
    {

        [WebMethod]
        public string HelloWorld()
        {
            return "Hello World";
        }

        public Mysoapheader mysoaper = new Mysoapheader();//必须public

        [WebMethod]
        [SoapHeader("mysoaper")]//mysoaper必须是上面的变量
        public int Sum(int a, int b)
        {
            if (Validator())
            {
                return a + b;
            }
            else
            {
                return 0;
            }
        }

        private bool Validator()
        {
            if (mysoaper == null)
            {
                return false;
            }
            else
            {
                if (mysoaper.UserName == "aaa")
                {
                    return true;
                }
                else
                {
                    return false;
                }
            }
        }
    }

在客户端调用：

    private void button1_Click(object sender, EventArgs e)
        {
            wssoaper.Mysoapheader mysoapheader = new WindowsFormsApplication1.wssoaper.Mysoapheader();
            mysoapheader.UserName = "ccc";
            mysoapheader.Password = "bbb";
            var soaper = new wssoaper.Service1SoapClient();
             MessageBox.Show(soaper.Sum(mysoapheader, 10, 8).ToString());//05和08调用有区别
        }

如果感觉ws安全性问题可以采用WSE：webservice 加强版