如何在web api中实现基本认证 [英] How to implement basic authentication in web api

问题描述

大家好，



我知道这是一个非常基本的问题，但我在谷歌之后感到困惑，因为人们以不同的方式实施。所以我主要担心的是在api中实现基本身份验证的标准方法。



我通过以下链接：



我的尝试：



使用ASP.NET Web API 2，Owin和身份进行基于令牌的身份验证 - 技术位点 [ ^ ]



ASP.NET Identity 2.1基于角色的ASP.NET Web API授权 - 第4部分 - 技术位 [ ^ ]





基本基于用户角色的Web API中的身份验证 [ ^ ]

Hi all,

I know its a very basic question but i got confuse after google it because people implemented in different ways. so my major concern is what's standard way to implement basic authentication in api.

I go through following links:

What I have tried:

Token Based Authentication using ASP.NET Web API 2, Owin, and Identity - Bit of Technology[^]

ASP.NET Identity 2.1 Roles Based Authorization with ASP.NET Web API - Part 4 - Bit of Technology[^]


Basic Authentication in Web API Based on User Role[^]

推荐答案

你好，



这取决于您的网络Api的用途。例如，如果您像Google Adwords和Yahoo Gemini一样向公众公开Api，您也不希望为每个受保护资源使用用户名/密码。去基于令牌的身份验证。

为了一般目的，我建议你使用令牌。

Hello,

It depends on purpose of your web Api. For example if you exposing Api to public just like Google Adwords and Yahoo Gemini also you dont want to use username/password for each protected resource. Go for Token based authentication.
For general purpose I will suggest you to use Token based.

Quote：

基于令牌的身份验证系统背后的一般概念很简单。允许用户输入用户名和密码，以获取允许他们获取特定资源的令牌 - 而无需使用他们的用户名和密码。一旦获得了令牌，用户就可以向远程站点提供令牌 - 一段时间内可以访问特定资源。

The general concept behind a token-based authentication system is simple. Allow users to enter their username and password in order to obtain a token which allows them to fetch a specific resource - without using their username and password. Once their token has been obtained, the user can offer the token - which offers access to a specific resource for a time period - to the remote site.

Asp.Net Identity最适合组织Api，如财务应用程序，人力资源和服务。您可以根据角色和身份验证保护您的API。在每个请求中，您必须通过用户名/密码等对自己进行身份验证。

Asp.Net Identity为您提供巨大的真实性并支持OAuth集成，适用于OWIN。

Asp.Net Identity is best suited for Organizational Api like Financial applications, Human resource and services. You can protect your API based on Roles and authentication. On each request you have to authenticate your self by username/password etc.
Asp.Net Identity provide you huge verity and support OAuth integration, works with OWIN.

这篇关于如何在web api中实现基本认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！