身份验证需要咨询的Android客户端连接到WCF休息设置 [英] Need advice on authentication for android client connecting to the WCF Rest setup
问题描述
基本上我想从Android的身份验证连接到WCF Windows服务。我是一个Android开发者。 ://www.$c$cproject.com/Articles/55397/Windows-Communication-Foundation-and-RESTful-Web-S HTTP相对=nofollow我已经从这个WCF REST服务的文章和还配置https的的。
Basically I would like to connect to the WCF windows service from android with authentication. I am an android developer. I have tinkered with the WCF Rest service from this article and also configured the https.
现在我要思考的认证过程(在数据库中的用户名和密码)从Android WCF服务。我应该带code在URL中的用户名和密码,并做HTTP POST,而返回授权令牌,对登录过程和使用的后续操作令牌和用户名(同时也将加密的用户名和令牌在preF文件,以避免日志记录下时间,从而避免密码)?任何意见和指针任何项目和文件表示欢迎。
Now I need to think about the authentication process (to the username and password in the database) to the WCF service from android. Should I encode username and password in the url and do http post, while returning a token for authorization, for login process and use the token and username for subsequent operation(and also save encrypted username and token in a pref file to avoid logging in next time, thus avoiding password)? Any advice and pointer to any project and document is welcomed.
推荐答案
有在程序员类似的问题<一href=\"http://programmers.stackexchange.com/questions/93005/designing-authentication-for-rest-api\">http://programmers.stackexchange.com/questions/93005/designing-authentication-for-rest-api但我想保持这种开放的问题,因为我想在此补充有益code和链接。
There is a similar question at the programmers http://programmers.stackexchange.com/questions/93005/designing-authentication-for-rest-api but I want to keep this question open since I would like to add useful code and links here.
而不是编码的URL的用户名和密码,他们应该在请求主体。其原因是,即使 HTTPS加密网址,这是不是一个好的做法,因为如果网址是由浏览器调用,浏览器会记住它和用户名/密码将可见那里的浏览器历史记录。因此,这里是处理HTTP POST的http://www.$c$cproject.com/Tips/150313/Simple-WCF-web-service-to-receive-parameter-from-H
Instead of encoding the username and password in url, they should be in the request body. The reason is that even though https encrypt the url, it is not a good practice because if the url is called from browser, the browser will remember it and username/password will be visible there in the browser history. Thus, here is an article to handle http Post http://www.codeproject.com/Tips/150313/Simple-WCF-web-service-to-receive-parameter-from-H
如果HTTPS与自签名证书实现的,你需要做一些额外的工作
http://blog.antoine.li/2010/10/ 22 / Android的信任-SSL-证书/
If https is achieved with self-signed certificate, you will need do some extra works http://blog.antoine.li/2010/10/22/android-trusting-ssl-certificates/
在WCF休息和Android的http://fszlin.dymetis.com/post/2010/05/10/Comsuming-WCF-Services-With-Android.aspx
More article on WCF rest and android http://fszlin.dymetis.com/post/2010/05/10/Comsuming-WCF-Services-With-Android.aspx
创建在C#中的自定义标记
http://msdn.microsoft.com/en-us/library/ms731872.aspx
Creating a custom token in C# http://msdn.microsoft.com/en-us/library/ms731872.aspx
这篇关于身份验证需要咨询的Android客户端连接到WCF休息设置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
