我们如何确保网络API？ [英] How can we secure a web api?

问题描述

我们如何确保提供移动应用程序和单个 页面Web应用程序的web api。



我是什么尝试过：



研究过有不同的技术，包括cookies，jwt，但jwt很新，没有足够的资源来制作它在.net中工作。

How can we secure a web api , which serves mobile application and a single page web application.

What I have tried:

Have researched there are different techniques, including cookies,jwt , but jwt is quite new and don't have enough resources to make it working in .net.

推荐答案

并且通过安全你的意思是什么？你的意思是，应该防止未经授权的访问？在这种情况下，您需要一个身份验证系统。 ASP.NET Web API已经具有该功能，它被称为身份。



ASP.NET Identity 2.1 with ASP.NET Web API 2.2（账户管理） - 第1部分 - 技术位 [ ^ ]



ASP.NET本身就有Identity框架，所有你需要做的就是启用帐户还包含用于Web API的标记或身份验证密钥。由于您的移动应用程序也由同一个Web应用程序提供支持，您可以尝试使用相同的应用程序注册用户 - 用户名/密码。只需为用户添加表单，填写然后对其进行身份验证即可。



如果您希望Web API拥有不同的身份验证系统，请查看OAuth。 OAuth 2.0 - OAuth [ ^ ]。



Web API和身份验证的工作也在我之前的一篇文章中有所解释，连接设备上的面部生物识别身份验证 [ ^ ]，跳到它提到认证系统的部分，然后在那里阅读方法。



对于其他类型的安全性，如SQL注入，XSS攻击等，请阅读 ASP.NET文档安全性 [ ^ ]。它们提供了更广泛的概念和方法来保护您的应用程序免受针对您的网站或数据的最突出攻击。

And by secure what do you actually mean? Do you mean, that unauthorized access should be prevented? In that case, you need an authentication system. ASP.NET Web API already has that feature, it is called Identity.

ASP.NET Identity 2.1 with ASP.NET Web API 2.2 (Accounts Management) - Part 1 - Bit of Technology[^]

ASP.NET has the Identity framework itself, all that you need to do is enable the accounts to also contain the tokens or authentication keys to use with Web API. Since your mobile application, is also powered by the same web application, you can try to register the users using the same application — username/password. Just add a form for the user, to fill in and then authenticate them.

If you want Web API to have a different authentication system, then look into OAuth. OAuth 2.0 — OAuth[^].

The working of the Web API and authentication was also a bit explained in one of my previous articles, Facial biometric authentication on your connected devices[^], skip to the parts where it mentions authentication system, then read the method there.

For other types of security, such as SQL Injection, XSS attacks etc, please read the complete go through section of Security on ASP.NET documentation[^]. They provide even a broader concept and ways to secure your application against most prominent attacks against your website, or data.

这篇关于我们如何确保网络API？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！