如何在ASP.NET中登录服务，API和管理访问权限？ [英] How do I make a login to services, an API, and an administrative access in ASP.NET?

问题描述

我正在开发一个UWP应用程序，因为我无法使用传统的外部数据库，所以我必须创建一个Web服务。



我是asp的新手.net，但我认为我正在抓住这个概念，因为我习惯使用RESTful API而没有太大的飞跃，只是从来没有做过。我只需要一些指示就可以让我滚动。



我需要做的事情：



我需要能够保护API，它将包含用户信息，我不希望有人转储API结果。



我需要对用户进行身份验证，200多个用户。



我需要权限角色来决定对特定服务的访问权限。 IE，用户可以登录并查看已签入人员和其他资源的列表。我需要员工设置他们的存在（签到/签出），而我需要让位置/服务更新他们的资源和活动。



我需要一个管理级别的访问权限，所以我可以修复我要求修复的数据中出现的任何问题。



我希望这一切都能连接到UWP，但也有一个网站。



我可以担心功能，让他们以后在我的应用程序中工作，现在，我只需要收集和存储数据安全，并允许登录，因为我把所有东西一块一块地绑在一起。



谢谢，



Odin Wynd



我的尝试：



我是尽量保持这个纯粹的asp.net，并且必须兼容UWP。



我看了几个不同的途径，但是，我不确定数据的安全性，我不确定如何用我的例子来管理它看到。



我有一个访问数据库我在此期间存储信息，但是，它对UWP没用，因为它不允许任何外部数据库，只有内部SQLight可在UWP中使用。不是我需要的这个项目。我需要创建一个Web服务。

I am working on a UWP app, and since I am unable to use traditional external databases, I must make a web service.

I am new to asp.net, but I think I am grasping the concept, not too huge of a leap since I am use to using RESTful APIs, just never made one. I just need a few pointers to get me rolling on this.

Things I need to do:

I need to be able to secure the API, it will have user information in it and I do not want someone to dump API results.

I need to authenticate users, 200+ users.

I need permission roles that determine access to specific services. IE, users can log in and view a list of checked in staff, and other resources. I need staff to be able to set their presence (checked-in/checked-out), while I need to let locations/services update their resources available, and events.

I need an administrative level access, so I can fix any issues that arise in the data that I am requested to fix.

I want this all to connect to UWP, but have a website as well.

I can worry about features and getting them to work later in my apps, right now, I just need to collect and store data securely, and allow for logging in as I tie everything together piece by piece.

Thank you,

Odin Wynd

What I have tried:

I am trying to keep this as pure asp.net as possible, and has to be UWP compatible.

I have looked at a few different avenues, but, I am unsure of security of data, and, I am unsure how to administer it overall with what examples I have seen.

I have an access database I am storing info in the meantime with, but, it is useless for UWP as it does not allow any external databases, only internal SQLight is usable in UWP. Not what I need for this project. I need to make a web service.

推荐答案

保持它只是ASP.NET，但在UWP中使用Web API。我一直在我使用的许多应用程序中这样做，我也为此写了很多文章。



在我看来，您可以在以下列表中得出所有积分：



1您需要一个控制用户交互方式和数据共享方式的Web应用程序。

2.您希望在用户访问数据之前对其进行身份验证。您还希望只有经过身份验证的用户才能获取数据，其他用户则无法访问这些资源。

3.您希望使用相同的数据（来自网站）以便能够在UWP应用程序中呈现。



那个是你所拥有的，所以，创建一个小的（或平均; 200个用户！）Web应用程序并定义自己的数据库模式。我没有任何帮助，因为你在这里没有分享任何这样的信息。但是，就身份验证而言，您需要做的只是将Authorize属性应用于控制器，ASP.NET将自动要求用户登录，

Keep it just ASP.NET, but consume the Web API in the UWP. I have been doing that in a number of applications that I use and I have been writing a lot of articles for this too.

In my own view, all of yours points can be concluded in the following list:

1. You want a web application that controls how users interact and how data is shared.
2. You want to authenticate the users before they can access the data. You also want only authenticated users to get the data, others should not be able to access the resources.
3. You want to use the same data (from the website) to be able to get rendered in the UWP applications.

That was what you were having, so, create a small (or average; 200 users!) web application and define your own schema of database. I won't be of any help, because you haven't shared any such information here. But, as far as that authentication is concerned, all you need to do is just apply Authorize attribute to the controller and ASP.NET will automatically require users to be logged in,

[Authorize]
public class MyController : Controller
{
   // Wont be accessed unless authorized.
   public List<string> Get() {
   }

   // ... Rest of the functions
}
</string>

然后，您将能够在应用程序中使用API​​调用来获取数据。您可以获取任何格式的数据，确保在线路上传输时可以对其进行序列化和反序列化。



所有这些都已在本文中进行了总结。我的， ASP.NET 5 Web API RESTful CRUD和Windows 10本机应用程序 [ ^ ]。它讨论了创建Web应用程序，创建API部分，允许模型在API使用中使用。之后，本文讨论了创建UWP应用程序（Windows 10使用UWP应用程序平台），然后文章指导您在应用程序中使用API​​以向用户提供来自Web API的数据。



如果你是ASP.NET的新手，请阅读我的这篇文章：使用真实世界的例子了解ASP.NET MVC，适用于初学者和中级人员 [ ^ ]



AuthorizeAttribute Class （System.Web.Mvc） [ ^ ]

Then you will be able to consume the API calls in your application to get the data. You can get the data in any format, make sure it can be serialized and deserialized while being transferred on the wire.

All of this has been summarized in this article of mine, ASP.NET 5 Web API RESTful CRUDs and Windows 10 native application[^]. It talks about creating web applications, creating the API portion, allowing the models to be used in the API consumption. After that, the article talks about creating the UWP application (Windows 10 uses UWP application platform) and then article guides you on consuming the API in your application to provide the users with the data from Web API.

If you are novice to ASP.NET, read this article of mine for that: Understanding ASP.NET MVC using real world example, for beginners and intermediate[^]

AuthorizeAttribute Class (System.Web.Mvc)[^]

这篇关于如何在ASP.NET中登录服务，API和管理访问权限？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！