WCF REST的基本安全性 [英] Basic Security for WCF REST
问题描述
我通过WCF RESTful服务看到了很多关于安全性的信息,但所有这些信息都比我认为需要的更多。
I've seen a lot of information surrounding security with a WCF RESTful service but all of them are way more involved than I feel that I need.
这是我的情况:我已在Windows Server 2012 / IIS服务器上启动并运行WCF REST服务。 当然,我可以通过我的浏览器(任何机器上的任何浏览器)调用它。
Here is my situation: I have a WCF REST service up and running on a Windows Server 2012/IIS server. I can, of course, make calls to it from my browser (any browser on any machine).
我唯一想改变的是我只想要*我*客户端应用程序可以拨打服务。 这不是公共/ API类型的服务,也不会。
The only thing that I'd like to change is that I only want *my* client app(s) to be able to make calls to the service. This is not a public/API type service and won't be.
到目前为止,领先的候选人正在使用HTTP Basic Auth(使用SSL连接),但即使这样设置似乎也非常复杂。
So far the leading candidate is using HTTP Basic Auth (with an SSL connection), but even that appears to be inordinately complicated to set up.
我有什么选择?
推荐答案
您好
Steven James Frank ,
>>我唯一想改变的是,我只希望*我的*客户端应用程序能够拨打该服务。 这不是公共/ API类型的服务,也不会。
>>The only thing that I'd like to change is that I only want *my* client app(s) to be able to make calls to the service. This is not a public/API type service and won't be.
根据您的描述,我认为相互证书认证可以满足您的要求。客户端和服务通过X509证书执行身份验证或身份验证
According to your description, I think that Mutual Certificate Authentication could meet your requirement. The client and the service perform identity verification or authentication through X509 certificates
有关详细信息,请参阅:
For more information, please refer to:
http://weblogs.asp.net/cibrax/mutual-certificate-authentication-for-wcf-rest-services
致以诚挚的问候,
Cole Wu
这篇关于WCF REST的基本安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
