Web服务身份验证 - 最佳做法? [英] Web Services authentication - best practices?
问题描述
我们在生产SOAP Web服务在依赖SOAP头(含普通客户端证书)进行身份验证。该WS在使用.NET /的Java / PHP / Python的/ C ++客户端都Web应用程序或桌面应用程序的异构环境中使用。
We have SOAP web services in production that are relying on SOAP Headers (containing plain client credentials) for the authentication. The WS are used in heterogeneous environments with .NET/Java/PHP/Python/C++ clients both web app or desktop app.
我们正在考虑为那些WS一v2和我想知道什么被视为的最佳实践的WS为SOAP验证? (比较安全,且易于处理上各种各样的平台)。
We are considering a v2 for those WS and I am wondering what are considered as the best practices for WS SOAP authentication? (reasonably secure, yet easy to handle on a wide variety of platforms).
推荐答案
在各种平台来处理它的最简单的方法是使用HTTP基本身份验证和HTTPS的传输层。如果你的需求超过简单的用户名/密码,但是支持将会改变平台之间颇有几分WS-Security的将是一件好事。 HTTP认证是由每一个像样的SOAP实现支持。
The easiest way to handle it across a variety of platforms is to use HTTP basic authentication and HTTPS for the transport layer. WS-Security would be good if your needs go beyond simple username/password but the support is going to vary quite a bit between platforms. HTTP authentication is supported by every decent SOAP implementation.
这篇关于Web服务身份验证 - 最佳做法?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!