访问控制Web服务 [英] Access control to web service
问题描述
这是我希望达到的:
我的ASP.NET Web服务托管一个名为 //服务服务器上。我想通过服务器和应用程序,以及控制访问Web服务。我的意思是在这里,如果我有两个ASP.NET Web应用程序(APP1和APP2)主办的一个名为 // web1的服务器上,我只希望 // web1的/ APP1 能够调用Web服务。我知道我可以允许访问的IP地址 // web1的但是这将让双方的 // web1的/ APP1 和 // web1的/ APP2 访问Web服务。
My ASP.NET web service is hosted on a server called //service. I want to control access to the web service by server and by application as well. What I mean here is if I have two ASP.NET web applications (app1 and app2) hosted on a server called //web1 and I only want //web1/app1 to be able to call the web service. I know that I can grant access to the IP address of //web1 but that would allow both //web1/app1 and //web1/app2 access to the web service.
我正在考虑使用SSL证书,因为我不想让Web应用程序来处理登录/密码。在 //服务后,我会授予访问的 // web1的的IP映射,并从客户端证书的 // web1的到Windows帐户这将允许从 // web1的只应用程序访问。但后来我怎么进一步控制访问只 // web1的/ APP1 ?
I am thinking about using an SSL certificate as I don't want the web application to handle the login/password. on //service, I will grant access to the ip of //web1 and map a client certificate from //web1 to a windows account and this will allow only applications from //web1 to access. But then how do I further control the access to only //web1/app1?
推荐答案
您可以使用标准的 HTTP验证控制哪些应用程序可以访问Web服务。
You can use standard HTTP Authentication to control which applications have access to your web service.
凭据在批准每个请求头中传递。每一个Web服务客户端(即// web1的/ APP1)应该有自己的凭据,所以如果// web1的/ APP2试图连接到Web服务,而不提供认可证书,这将被拒绝访问。
Credentials are passed in the Authorization header with each request. Every web service client (i.e. //web1/app1) should have its own credentials, so if //web1/app2 tried to connect to the web service without providing recognized credentials, it would be denied access.
我建议使用SSL来加密所有交通,使认证信息和其他敏感数据是安全的。
I recommend using SSL to encrypt all traffic, so that authentication information and other sensitive data is secure.
下面是一些文章可能会有所帮助:
Here are a few articles that may be helpful:
- HTTP Security and ASP.NET Web Services (see Authentication section)
- Authentication in ASP.NET Web Services
祝你好运!
这篇关于访问控制Web服务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
