学步园

WCF能够共享ASP.NET的session，不同的WCF客户端代理类在采用Per Call模式下访问WCF能够访问同一个ASP.NET Session.但是WCF的Session和ASP.NET的Session是不同的。

• WCF的Session代表着服务实例，它是被客户端代理类访问时初始化的。WCF依靠消息通道，安全回话和消息模式等来联系session的。
• 而ASP.NET的session是类似服务端的一种存储数据的模式。它是通过客户端cookie和uri来维护session的

1. 利用ASP.NET的session实现认证，在aspx里记录用户认证信息：

string UserId = HttpContext.Current.User.Identity.Name;<br /> int Timeout = HttpContext.Current.Session.Timeout

2. 如果WCF服务端能够共享Asp.NET的session，必须在WCF配置文件中进行如下设置：

<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />3.在服务端新建一个用户类：

public static class UserHelper<br /> {<br /> public const string SessionUserKey = "Session_Current_User";</p> <p> /// <summary><br /> /// 取得当前用户信息<br /> /// </summary><br /> public static UserInfo CurrentUser<br /> {<br /> get<br /> {<br /> if (!HttpContext.Current.User.Identity.IsAuthenticated)<br /> {<br /> HttpContext.Current.Response.Redirect(System.Configuration.ConfigurationManager.AppSettings["LogoutRedirectUrl"]);<br /> return null;<br /> }</p> <p> string key = SessionUserKey;<br /> object user = null;</p> <p> if(HttpContext.Current.Session != null)<br /> user = HttpContext.Current.Session[key];</p> <p> if (user == null)<br /> {<br /> var info = new AdminService().GetUserById(HttpContext.Current.User.Identity.Name); // 获取用户信息<br /> HttpContext.Current.Session[key] = info;<br /> return info;<br /> }<br /> return (UserInfo)user;<br /> }<br /> set { HttpContext.Current.Session[SessionUserKey] = value; }<br /> }<br /> }4. 在WCF服务端可以利用共享的session来判断权限：

[Serializable]<br /> [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]<br /> [ServiceBehavior(InstanceContextMode = InstanceContextMode.PerCall)]<br /> public partial class AdminService : IAdminService<br /> {<br /> public AdminService()<br /> {<br /> }<br /> public string InsertAdmin(Admin admin)<br /> {<br /> int errorCount = 0;<br /> if (!UserHelper.CurrentUser == null)<br /> {<br /> CustomerFaultException exception = new CustomerFaultException<br /> {<br /> ExceptionCode = "S001",<br /> ExceptionMessage = "没有权限访问，请登录！"<br /> };<br /> throw new FaultException<CustomerFaultException>(exception);<br /> }<br /> AdminSummary adminSummary = adminDal.GetAdminSummary(admin.UserId, out errorCount);<br /> if (adminSummary == null)<br /> return adminDal.InsertAdmin(admin);<br /> else<br /> return "1001";<br /> }5.在客户端获取sessionId，我们可以通过Cookie获取客户端的sessionId

void InitialInvoke()<br /> {<br /> IHelloService proxy = factory.CreateChannel();<br /> using (new OperationContextScope((IContextChannel)proxy))<br /> {<br /> Console.WriteLine(proxy.Greet("Hello"));<br /> HttpResponseMessageProperty responseProperty = OperationContext.Current.IncomingMessageProperties[HttpResponseMessageProperty.Name]<br /> as HttpResponseMessageProperty;<br /> helper = HttpSessionCookieHelper.Create((string)responseProperty.Headers[HttpResponseHeader.SetCookie]);<br /> }</p> <p> ((IClientChannel)proxy).Close();<br /> }httpSessionCookieHelper是从cookie中获取sessionId的(CookieName 是“ASP.NET_SessionId”)
class HttpSessionCookieHelper<br /> {<br /> const string AspNetSessionIdCookieName = "ASP.NET_SessionId";<br /> string aspNetSessionId = string.Empty;<br /> HttpSessionCookieHelper()<br /> { }</p> <p> public static HttpSessionCookieHelper Create(string cookieString)<br /> {<br /> HttpSessionCookieHelper helper = new HttpSessionCookieHelper();<br /> helper.ParseCookieString(cookieString);<br /> return helper;<br /> }</p> <p> public static HttpSessionCookieHelper CreateFromSessionId(string sessionId)<br /> {<br /> HttpSessionCookieHelper helper = new HttpSessionCookieHelper();<br /> helper.aspNetSessionId = sessionId;<br /> return helper;<br /> }</p> <p> public void AddSessionIdToRequest(HttpRequestMessageProperty requestProperty)<br /> {<br /> if (string.IsNullOrEmpty(this.aspNetSessionId))<br /> return;</p> <p> string sessionCookieString = string.Format("{0}={1}", AspNetSessionIdCookieName, this.aspNetSessionId);<br /> string cookieString = (string)requestProperty.Headers[HttpRequestHeader.Cookie];<br /> if (string.IsNullOrEmpty(cookieString))<br /> {<br /> cookieString = sessionCookieString;<br /> }<br /> else<br /> {<br /> cookieString = string.Format("{0}; {1}", cookieString, sessionCookieString);<br /> }</p> <p> requestProperty.Headers[HttpRequestHeader.Cookie] = cookieString;<br /> }</p> <p> void ParseCookieString(string cookieString)<br /> {<br /> if (string.IsNullOrEmpty(cookieString))<br /> return;</p> <p> string[] cookies = cookieString.Split(';');<br /> for (int i = 0; i < cookies.Length; i++)<br /> {<br /> string[] cookieNameValues = cookies[i].Split('=');<br /> if (cookieNameValues[0] == AspNetSessionIdCookieName)<br /> {<br /> this.aspNetSessionId = cookieNameValues[1];<br /> return;<br /> }<br /> }<br /> }</p> <p> public string AspNetSessionId<br /> {<br /> get<br /> {<br /> return this.aspNetSessionId;<br /> }<br /> }<br /> }

这样我们可以在第一次调用的回复中获取sessionId

void Invoke2()<br /> {<br /> IHelloService proxy = factory.CreateChannel();<br /> using (new OperationContextScope((IContextChannel)proxy))<br /> {<br /> HttpRequestMessageProperty requestProperty = new HttpRequestMessageProperty();<br /> helper.AddSessionIdToRequest(requestProperty);<br /> OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = requestProperty;<br /> Console.WriteLine(proxy.Greet("Howdy"));<br /> }</p> <p> ((IClientChannel)proxy).Close();</p> <p> if (Interlocked.Increment(ref completedCount) == 2)<br /> {<br /> waitHandle.Set();<br /> }<br /> }注：第5点可以参照：http://blogs.msdn.com/b/wenlong/archive/2010/02/21/using-asp-net-sessions-from-wcf.aspx