ASp.Net中的安全Web服务 [英] Secure WebServices in ASp.Net

问题描述

大家好，
我正在使用一个Web服务，该服务从一个网站接受userId并将其传递给第二个网站.我将如何以安全的方式执行此操作.

hi all,
I am using a webservices which accept userId from one website and pass it to second website. How I will perform this operation in secure way.

推荐答案

您可以在发送请求之前对userId进行加密，并在收到消息后对其进行解密.

请参阅此 [

You can encrypt the userId before sending the request and decrypt it as the message is received.

See this[^] article.

您可以控制两个网站吗?如果是这样，请不要在传递到第二个网站时对用户ID进行加密.相反，我们在类似情况下执行以下操作.

用户将用户ID传递到身份验证Web服务.身份验证Web服务仅在SSL上响应.验证用户身份后，我们将创建临时GUID并将其传递给第二个网站，该网站可以验证GUID的有效性并将其转换回用户ID.这样，不会窃取或复制userID.

Do you have a control of the two websites? If so, don''t encrypt the userID when passing to the second website. Instead we do the following in similar situation.

User passes User ID to authentication webservice. The authentication webservice only responds on SSL. Once we authenticate the user, we create temporary GUID and pass it to the second website, which can verify the validity of the GUID and translated back to the user ID. That way not userID is stolen or replicated.

这篇关于ASp.Net中的安全Web服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！