客户端的JavaScript应用程序和服务器端的HTTP API之间的身份验证? [英] Authentication between client-side JavaScript application and Server Side HTTP API?
问题描述
我已经建立了一些服务器端API通过HTTP工作,只为我的客户端应用程序。那么,是不是可以验证客户端和服务器端之间的应用;以及如何?
I have built some server-side APIs work through HTTP, for my client-side applications only. So, is it possible to authenticate applications between client-side and server-side; and how to?
推荐答案
有两种选择:
- 会话
- HTTP认证
后面会话的想法是,在服务器发送一个很难猜测值到客户端,客户端随后通过该值重新对每个请求的服务器。这样一来,服务器知道来自哪个客户端请求可能来自并且可以(例如,通过具有在一个较早的请求提供的用户名和密码)跟踪客户端是否已经验证自身与服务器
The idea behind session is that the server sends a hard to guess value to the client and the client subsequently passes that value back to the server on each request. That way, the server knows from which client the request likely comes from and can keep track of whether the client has authenticated itself with the server (e.g. by having provided username and password on an earlier request).
HTTP认证依赖于客户端通过认证证书的请求头与每个请求的服务器(通常是用户名和密码)。这通常是由服务器发送 401未授权
反应,这通常导致在客户提示输入用户名和密码的用户启动。这些信息随后被传递给服务器,验证和(在成功),发现与平时 200回答
。
HTTP authentication relies on the client passing authentication credentials (usually username and password) in the request header to the server with every request. This is usually initiated by the server sending a 401 Unauthorized
response, which usually leads to the client prompting the user for a username and password. These information are then passed to the server, validated and (upon success) answered with the usual 200 Found
.
这篇关于客户端的JavaScript应用程序和服务器端的HTTP API之间的身份验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!