Web服务身份验证 - 最佳做法？ [英] Web Services authentication - best practices?

问题描述

我们在生产SOAP Web服务在依赖SOAP头（含普通客户端证书）进行身份验证。该WS在使用.NET /的Java / PHP / Python的/ C ++客户端都Web应用程序或桌面应用程序的异构环境中使用。

We have SOAP web services in production that are relying on SOAP Headers (containing plain client credentials) for the authentication. The WS are used in heterogeneous environments with .NET/Java/PHP/Python/C++ clients both web app or desktop app.

我们正在考虑为那些WS一v2和我想知道什么被视为的最佳实践的WS为SOAP验证？ （比较安全，且易于处理上各种各样的平台）。

We are considering a v2 for those WS and I am wondering what are considered as the best practices for WS SOAP authentication? (reasonably secure, yet easy to handle on a wide variety of platforms).

推荐答案

在各种平台来处理它的最简单的方法是使用HTTP基本身份验证和HTTPS的传输层。如果你的需求超过简单的用户名/密码，但是支持将会改变平台之间颇有几分WS-Security的将是一件好事。 HTTP认证是由每一个像样的SOAP实现支持。

The easiest way to handle it across a variety of platforms is to use HTTP basic authentication and HTTPS for the transport layer. WS-Security would be good if your needs go beyond simple username/password but the support is going to vary quite a bit between platforms. HTTP authentication is supported by every decent SOAP implementation.

这篇关于Web服务身份验证 - 最佳做法？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！