ASP.net的Web API RESTful Web服务+基本身份验证 [英] ASP.net Web API RESTful web service + Basic authentication
问题描述
我实施使用ASP.Net网页API RESTful Web服务。我已得出结论使用基本身份验证+ SSL做认证的一部分。什么是实现,最好的/正确的方法是什么?
I'm implementing a RESTful web service using ASP.Net Web Api. I have concluded to use Basic authentication + SSL to do the authentication part. What is the best/correct way to implement that?
我的第一次尝试做手工,解析授权头,解码和验证对我的数据库的用户。它的工作原理,但我不知道如果我失去了一些东西。
My first attempt was to do it manually, parsing the Authorization header, decoding and verifying the user against my database. It works, but I wonder if I am missing something.
我已经看到了使用用户角色和校长一些解决方案。虽然我不知道这些真正做,我几乎可以肯定我不会被这些需要,因为在我的数据库中,我定义我自己的用户和他们的角色。
I've seen some solutions using user roles and principals. While I'm not sure what these actually do, I'm almost sure I will not be needing these, since in my database I define my own users and their roles.
还有什么我还没有完全理解,就是如果服务的消费者必须使用发送每个请求的凭据或它们以某种方式缓存。如果我的服务做一些事情,为了要做到这一点,或者它是完全由消费者来处理呢?
Also what I haven't yet completely understand, is if the consumers of the service must sent the credentials with each request or they are somehow cached. Should my service do something in order for this to happen, or it's completely up to the consumer to handle this?
和有关客户端的制作用JavaScript请求的最后一个问题。会不会有什么跨域请求的问题,如果他们试图使用该服务?
And a last question about clients making requests with javascript. Would there be any "cross domain request" problems if they try to use the service?
推荐答案
杰米Kurtze提供了使用基本身份验证在这里的的ASP.NET Web API REST安全性基本信息
Jamie Kurtze provides a good explanation of using Basic Authentication here ASP.NET Web API REST Security Basics
从我的理解,如果你希望你的请求是无状态的,然后每个请求都需要验证字段设置
From my understanding, if you want your requests to be stateless then each request will require the Authentication field to be set
杰米Kurtze包装从DelegateHandler派生的类所需的code,而里克施特拉尔检查,如果呼叫使用过滤器是有效的。您可以在<读更在他关于这一主题的博客文章href=\"http://www.west-wind.com/weblog/posts/2013/Apr/18/A-WebAPI-Basic-Authentication-Authorization-Filter\"相对=nofollow>一个的WebAPI基本身份验证授权过滤器
Jamie Kurtze wraps the necessary code in a class derived from DelegateHandler, while Rick Strahl checks if the call is valid using a Filter. You can read more at his blog post on this topic at A WebAPI Basic Authentication Authorization Filter
这篇关于ASP.net的Web API RESTful Web服务+基本身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
