Authentication between client-side JavaScript application and Server Side HTTP API?


Question

I have built some server-side APIs that work through HTTP, for my client-side applications only. So, is it possible to authenticate applications between client-side and server-side, and how?

Recommended answer

There are two options:

  1. Sessions
  2. HTTP authentication

The idea behind a session is that the server sends a hard-to-guess value to the client and the client subsequently passes that value back to the server on each request. That way, the server knows which client the request likely comes from and can keep track of whether the client has authenticated itself with the server (e.g. by having provided username and password on an earlier request).

HTTP authentication relies on the client passing authentication credentials (usually username and password) in the request header to the server with every request. This is usually initiated by the server sending a 401 Unauthorized response, which usually leads to the client prompting the user for a username and password. This information is then passed to the server, validated and (upon success) answered with the usual 200 Found.
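
Both options described above, combined in one server-side request handler, as an added example that is not part of the original answer. The function names, the `sid` cookie name, the `api` realm and the demo account are assumptions made for illustration; requests are plain objects so the flow runs offline in Node.js.

```javascript
// Added example: session + HTTP Basic authentication in one offline handler.
const { randomBytes, timingSafeEqual } = require('node:crypto');

// Constructed demo account; a real API stores salted password hashes instead.
const USERS = new Map([['alice', 'correct horse battery staple']]);
const sessions = new Map(); // session id -> username

// Compare secrets without leaking the position of the first mismatch.
function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && timingSafeEqual(x, y);
}

// Parse "Authorization: Basic base64(user:password)"; null if absent or malformed.
function parseBasic(header) {
  const m = /^Basic ([A-Za-z0-9+/=]+)$/i.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const i = decoded.indexOf(':');
  return i < 0 ? null : { user: decoded.slice(0, i), pass: decoded.slice(i + 1) };
}

// Extract the session id from a Cookie (or Set-Cookie) header value.
function sessionIdFrom(cookieHeader) {
  const m = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader || '');
  return m ? m[1] : null;
}

// req: { headers: { authorization?, cookie? } } -> { status, headers, user? }
function handle(req) {
  // Option 1: a known session id proves an earlier successful login.
  const sid = sessionIdFrom(req.headers.cookie);
  if (sid && sessions.has(sid)) {
    return { status: 200, headers: {}, user: sessions.get(sid) };
  }
  // Option 2: credentials sent in the request header.
  const cred = parseBasic(req.headers.authorization);
  if (cred && USERS.has(cred.user) && safeEqual(cred.pass, USERS.get(cred.user))) {
    const id = randomBytes(32).toString('hex'); // 256-bit hard-to-guess value
    sessions.set(id, cred.user);
    const cookie = `sid=${id}; HttpOnly; Secure; SameSite=Strict; Path=/`;
    return { status: 200, headers: { 'Set-Cookie': cookie }, user: cred.user };
  }
  // No valid session or credentials: challenge the client.
  return { status: 401, headers: { 'WWW-Authenticate': 'Basic realm="api"' } };
}
```

Basic credentials are only base64-encoded, not encrypted, so both the `Authorization` header and the session cookie need HTTPS in transit.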
