访问同一站点内的其他webapi [英] Access a different webapi within the same site
问题描述
在我们的产品设置中,我们有一些单独的网站服务作为一个网站托管。
网络服务来自单独的.NET项目。这样所有的Web服务都可以作为单独的产品进行维护,并具有单独的发行版本。
它们作为webapps安装在一个站点中,位于此站点下面。
/ site / webserviceA
/ site / webserviceB
我们遇到的问题是有时webserviceA需要调用webserviceB。
但你怎么做? / site要求用户登录。
接下来我们有一个在后台运行作业的hangfire。此过程将在应用程序池用户的凭据下运行。哪个未添加到允许访问该网站的组中。
有一个管理员用户。我们可以从会员提供商那里选择这个,但我们如何通过凭证?
我尝试过:
现在,我们只是创建一个生成密码的临时用户。
通过cookie识别webclient与此用户一起登录。
拨打电话。
删除用户。
这样可行,但这不是正确的方法。
Hi,
In our product setup we have some separate webservices that are hosted as a single site.
The webservices come from separate .NET projects. This is so that all webservices can be maintained as separate products with separate release versions.
They are installed together within a single site as webapps underneath this site.
/site/webserviceA
/site/webserviceB
The problem we have is that sometimes webserviceA requires to call webserviceB.
But how do you do this? The /site requires the user to logon.
Next this we have hangfire that runs jobs in the background. This proces will run under the credentials of the application pool user. Which is not added to the group which is allowed to access the site.
There is an admin user. And we can select this from the membership provider, but how do we pass the credentials?
What I have tried:
Right now, we are just creating a temporary user with a generated password.
Logon with this user through a cookie aware webclient.
Do the call.
Delete the user.
This works, but it cannot be the right way to do this.
推荐答案
对于您要做的事情,在不使用直通身份验证的情况下从一个Web服务连接到另一个服务,您似乎需要验证该服务的使用情况另一种方式。
因此,它总是被称为indigo或WCF。 Windows Communication Foundation是将企业服务绑定在一起的企业严肃方式。它支持一系列协议和身份验证方法,一个是certatino证书,基本上可以选择创建自己的X509证书并在两个端点(服务访问点)上注册,然后基本上你绕过用户凭据方面使用它机器身份验证方法。
Web api主要用于为请求http或https的客户端提供服务。 WCF可以使用一系列协议,例如net.tcp,这对于没有http膨胀而言更快......不要让我开始使用这个:) :)
无论如何,要继续你的web api主机验证你的其他服务与证书是安全的,发现这篇文章我认为会帮助你,如果不是网络上充满了例子。
Nine在WCF上启用X.509证书的简单步骤 [ ^ ]
还有人为web api请求这样做并最终成功,但我怀疑代表您不需要做太多额外的工作,特别是如果您使用的是ajax c# - 如何使用客户端证书在Web API中进行身份验证和授权 - Stack Overflow [ ^ ]
For what you're trying to do, connecting from one web service to another service without using passthrough authentication it seems you'll need to authenticate usage of that service in another way.
So there's always indigo or WCF as it came to be called. Windows Communication Foundation is the enterprise 'serious' way of binding together enterprise services. it supports a range of protocols and authentication methods, one is authenticatino by certificate and basically that gives you the option of creating your own X509 certificate and registering on both endpoints (service access points) and then essentially you bypass the user credentials aspect by using that machine authentication method.
Web api is essentially designed to service clients requesting http or https. WCF can use a range of protocols for instance net.tcp which is way faster in terms of not having the http bloating ... don't get me started on thisone :))
Anyway, to continue in your case that your web api host authenticates to your other service with a certificate is hightly secure, found this article i think will help you out and if not the web is overflowing with examples.
Nine simple steps to enable X.509 certificates on WCF[^]
There's also somebody doing this for web api requests and eventually succeeds, but i doubt that won't take a lot of extra work on your behalf to make happen, especially if you're using ajax c# - How to use a client certificate to authenticate and authorize in a Web API - Stack Overflow[^]
这篇关于访问同一站点内的其他webapi的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
