使用身份验证请求时生成密钥的最佳方法是什么 [英] What is the best approach for generating the keys whenever use authenticate request

问题描述

通常在MVC中我们在webapi中使用API​​密钥生成，但我们遇到API问题

密钥生成任何提出服务请求的人传输其密钥，理论上讲，这个密钥可以像任何网络传输一样简单，如果整个网络中的任何一点都不安全，整个网络都会暴露出来。这使得API密钥难以推荐 - 经常被滥用和根本不安全，



这就是为什么我需要最佳方法来生成密钥，每当使用Authinticate请求时





请帮帮我，



谢谢你。



我尝试过的事情：

Generally in MVC we are using API key generation in webapi but we have problem with API
key generation that is anyone who makes a request of a service transmits their key, in theory, this key can be picked up just as easy as any network transmission, and if any point in the entire network is insecure, the entire network is exposed. This makes API keys a hard thing to recommend – often misused and fundamentally insecure,

that's why i need best approach for generate the keys whenever use Authinticate request


Please help me,

Thank u.

What I have tried:

anyone who makes a request of a service transmits their key, in theory, this key can be picked up just as easy as any network transmission, and if any point in the entire network is insecure, the entire network is exposed. This makes API keys a hard thing to recommend – often misused and fundamentally insecure,

推荐答案

使用并强制执行HTTPS。这将自动加密客户端和服务器之间的流量。



任何人能够拦截密钥的唯一方法是，如果他们已经破坏了客户端，就会受到攻击您的服务器，或欺骗胭脂证书颁发机构为您的网站颁发虚假证书。在任何一种情况下，你都需要担心更大的问题。



假设您的DNS设置正确，您甚至不需要支付 - < a href =https://letsencrypt.org/>让我们加密 [ ^ ]会免费提供证书。在Windows上，您可以使用 Windows ACME Simple [ ^ ]自动获取和续订证书。

Use and enforce HTTPS. This will automatically encrypt the traffic between the client and your server.

The only way anyone would be able to intercept the key would be if they had compromised the client, compromised your server, or tricked a rouge Certificate Authority into issuing a false certificate for your site. In any of those scenarios, you'd have bigger problems to worry about.

Assuming your DNS is set up correctly, you don't even need to pay - Let's Encrypt[^] will give you a certificate for free. On Windows, you can use Windows ACME Simple[^] to obtain and renew the certificate automatically.

这篇关于使用身份验证请求时生成密钥的最佳方法是什么的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！