网络服务建议 [英] web service suggestions
问题描述
我们有一个主站点,数据库,我们有两个不同的应用程序由外部公司开发。
现在我们的主站点有一个用户数据库。现在,对于这些应用程序,一家公司建议我们创建一个他们可以调用的Web服务,如果用户是成员,则查找为true / false。
第二家公司建议他们将拥有一个单独的用户数据库,并创建一个我们的系统可以与之交互的REST API调用。所以我们需要创建一个更新app数据库的服务。
现在我想可能最好坚持两种解决方案而不是不同的解决方案。我更倾向于第一个建议吗?
你们都有什么想法?
谢谢
We have one main site, database and we have got two different apps developed by external companies.
Now we have a user database in our main site. Now for these apps, one company suggesting us to create a web service that they can call and find out in true/false if user is a member or not.
The second company is suggesting they will have a separate user database and create a REST API calls that our system can interact with. So we need to create a service that updates the app database.
Now am thinking may be it's best to stick to one solution for both rather than different solution. I am more incline towards first suggestion?
What do you all think?
Thanks
推荐答案
第二个建议并不是那么好,因为它会增加更多的工作和风险。
有时候更简单的方法,如第1点,可能很适合。与任何安全问题一样,这将/应该规定要求。有一个单独的数据库确实增加了一些好处,但会有更多的问题。
我会去点1.
但是,你有没有看过Windows Identity Foundation?它使用联合安全性,您可以使用单个用户令牌使多个应用程序全部登录。这是基于声明的身份验证,可以在多种应用场景中很好地工作
http://msdn.microsoft.com/en-us/library/hh377151(v=vs.110).aspx [ ^ ]
The second suggestion is not really that good as it adds quite a bit more work and risk.
Sometimes the simpler methods such as point 1 are probably good to go with. As with any security concern this will / should dictate the requirements. Having a separate database does add some benefit but would be more problematic.
I would go for point 1.
However, Have you looked into Windows Identity Foundation? It uses federated security whereby you could have multiple applications all signing on using a single user token. This is claims based authentication and would work quite well in multiple applications scenarios
http://msdn.microsoft.com/en-us/library/hh377151(v=vs.110).aspx[^]
这篇关于网络服务建议的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!