WCF基于REST的服务的身份验证方案 [英] WCF REST based services authentication schemes
问题描述
我有一组半公开的REST API的,我们正在构建一个简单的身份验证方案:
I have a simple authentication scheme for a set of semi-public REST API's we are building:
/-----------------------\
| Client POST's ID/Pass |
| to an Auth Service |
\-----------------------/
[Client] ------------POST----------------------> [Service/Authenticate]
|
/-------------------------------\
| Service checks credentials |
[Client] <---------Session Cookie------- | and generates a session token |
| | in a cookie. |
| \-------------------------------/
|
[Client] -----------GET /w Cookie -------------> [Service/Something]
|
/----------------------------------\
| Client must pass session cookie |
| with each API request |
| or will get a 401. |
\----------------------------------/
这工作得很好,因为客户端永远不会需要做的,除了收到cookie什么,然后跳过它。对于浏览器应用程序,该浏览器自动发生,对于非浏览器应用程序,它是pretty琐碎保存cookie并与每个请求发送。
This works well, because the client never needs to do anything except receive a cookie, and then pass it along. For browser applications, this happens automatically by the browser, for non browser applications, it is pretty trivial to save the cookie and send it with each request.
不过,我还没有想出这样做从浏览器应用程序的初始握手一个好方法。例如,如果这是所有采用AJAX技术发生的事情,什么prevents从能够访问该ID的用户/密码的客户端使用的服务握手?
However, I have not figured out a good approach for doing the initial handshake from browser applications. For example, if this is all happening using a AJAX technique, what prevents the user from being able to access the ID/Pass the client is using to handshake with the service?
这似乎就像这是唯一的绊脚石这种做法,我很为难。
It seem's like this is the only stumbling block to this approach and I'm stumped.
推荐答案
一种可能性是生成每个服务器AJAX页面一次性衬垫,并且垫附加到会话cookie。现在,用户不能没有一次性垫发起会话。当然,他们可以只申请一个新的页面,以获得垫。
One possibility is to generate a one-time pad for each server AJAX page, and attach that pad to a session cookie. Now the user can't initiate a session without a one-time pad. Of course, they can just request a new page to get the pad.
这篇关于WCF基于REST的服务的身份验证方案的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
