鉴权的原理:根据客户端发过来的账号密码,检测其是否与服务端设置的账号密码一致
另外,客户端发过来的密码是加密的,具体是怎么加密的请参阅官方文档,这里直接用相应的函数实现与后端密码对比。经过测试是OK的。
客户端写错账号,或者不填,或者写错密码,都是可以提示错误的。
客户端测试软件:ONVIF Device Manager V2.2.250
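/**
 * Authenticate an ONVIF request using its WS-Security UsernameToken.
 *
 * The request is accepted only when it carries a wsse:Security header with
 * a UsernameToken whose Username equals the configured account name and
 * whose password passes soap_wsse_verify_Password().
 *
 * The Security header is removed from the context on every path that had
 * one, whether or not authentication succeeded.
 *
 * @param soap  gSOAP context of the request being served.
 * @return SOAP_OK when the credentials are accepted, 401 otherwise.
 */
int onvif_access_control(struct soap *soap)
{
    /*
     * NOTE(review): the account name and password are compiled into the
     * binary, so every device built from this source shares them and they
     * can be read back from the firmware image. Load them from per-device
     * configuration storage instead.
     */
    const char *username = "admin";
    const char *password = "audfly2018";

    if (soap == NULL || soap->header == NULL || soap->header->wsse__Security == NULL)
    {
        printf("no authentication,refuse it!\n");
        return 401;
    }

    _wsse__Security *pwsse = soap->header->wsse__Security;
    struct _wsse__UsernameToken *ptoken = pwsse->UsernameToken;

    /*
     * A Security header may arrive without a UsernameToken, or with a token
     * that has no Username. Reject it here instead of passing NULL to
     * printf("%s")/strcmp(), which is undefined behaviour and lets an
     * unauthenticated client crash the service.
     */
    if (ptoken == NULL || ptoken->Username == NULL)
    {
        soap_wsse_delete_Security(soap);
        printf("no authentication,refuse it!\n");
        return 401;
    }

    /*
     * Only the user name is logged. The nonce, password value, password type
     * and creation time are deliberately kept out of the log: the password
     * field is credential material (cleartext when the client sends
     * PasswordText).
     */
    printf("Username=%s\n", ptoken->Username);

    if (strcmp(ptoken->Username, username) != 0)
    {
        /* Drop the header on this failure path too, as the password path does. */
        soap_wsse_delete_Security(soap);
        printf("username is fault\r\n");
        return 401;
    }

    /*
     * NOTE(review): depending on the gSOAP wsse plugin version,
     * soap_wsse_verify_Password() may also accept a PasswordText token.
     * Confirm that cleartext passwords are only reachable over TLS, or
     * reject any type other than PasswordDigest before this call.
     */
    if (soap_wsse_verify_Password(soap, password))
    {
        soap_wsse_delete_Security(soap);
        printf("ERROR Password is fault\r\n");
        return 401;
    }

    soap_wsse_delete_Security(soap);
    return SOAP_OK;
}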