网络服务建议 [英] web service suggestions

问题描述

我们有一个主站点，数据库，我们有两个不同的应用程序由外部公司开发。



现在我们的主站点有一个用户数据库。现在，对于这些应用程序，一家公司建议我们创建一个他们可以调用的Web服务，如果用户是成员，则查找为true / false。



第二家公司建议他们将拥有一个单独的用户数据库，并创建一个我们的系统可以与之交互的REST API调用。所以我们需要创建一个更新app数据库的服务。



现在我想可能最好坚持两种解决方案而不是不同的解决方案。我更倾向于第一个建议吗？



你们都有什么想法？



谢谢

We have one main site, database and we have got two different apps developed by external companies.

Now we have a user database in our main site. Now for these apps, one company suggesting us to create a web service that they can call and find out in true/false if user is a member or not.

The second company is suggesting they will have a separate user database and create a REST API calls that our system can interact with. So we need to create a service that updates the app database.

Now am thinking may be it's best to stick to one solution for both rather than different solution. I am more incline towards first suggestion?

What do you all think?

Thanks

推荐答案

第二个建议并不是那么好，因为它会增加更多的工作和风险。



有时候更简单的方法，如第1点，可能很适合。与任何安全问题一样，这将/应该规定要求。有一个单独的数据库确实增加了一些好处，但会有更多的问题。



我会去点1.



但是，你有没有看过Windows Identity Foundation？它使用联合安全性，您可以使用单个用户令牌使多个应用程序全部登录。这是基于声明的身份验证，可以在多种应用场景中很好地工作



http://msdn.microsoft.com/en-us/library/hh377151(v=vs.110).aspx [ ^ ]

The second suggestion is not really that good as it adds quite a bit more work and risk.

Sometimes the simpler methods such as point 1 are probably good to go with. As with any security concern this will / should dictate the requirements. Having a separate database does add some benefit but would be more problematic.

I would go for point 1.

However, Have you looked into Windows Identity Foundation? It uses federated security whereby you could have multiple applications all signing on using a single user token. This is claims based authentication and would work quite well in multiple applications scenarios

http://msdn.microsoft.com/en-us/library/hh377151(v=vs.110).aspx[^]

这篇关于网络服务建议的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！