身份验证MVC4网页API [英] Authentication for MVC4 Web Api
问题描述
我想确保我的MVC4的Web API。其实,我真的很需要一些轻安全的身份提供者。我的服务类似于Twitter的,从安全角度看,有没有很多的私有数据,但服务确实需要知道来电者的用户ID。
I'm trying to secure my MVC4 Web Api. Actually, I just really need an identity provider with some light security. My service is similar to twitter, from a security standpoint, there's not a lot of private data, but the service does need to know the userid for the caller.
同样重要的是要知道,Web服务将只通过移动设备现在消耗,尽管网站可能会在未来的某个时刻伴随着它。
It's also important to know that the web service will only be consumed by mobile devices right now, although a website may accompany it at some future point.
S.O。和互联网已经使我Thinktecture.IdentityModel,但男子似乎复杂,我可以准确地找到零文件或样品。我还尚未有基于声明的身份验证一个愉快的经历。我没有索赔服务器,令牌供应商,或者类似的东西,它好像你会需要一个使用此方法。这一切似乎远远重于我的情况。
S.O. and the internet have led me to Thinktecture.IdentityModel, but man it seems complex and I can find exactly zero documentation or samples. I also haven't yet had a pleasant experience with claims-based authentication. I don't have a claims server, token provider, or anything like that, and it seems like you would need that to use this method. This all seems far to heavy for my situation.
我也看到了有关实现自己的HMAC解决方案的人(https://github.com/cuongle/WebAPI.Hmac)或使用OAuth(https://github.com/maksymilian-majer/DevDefined.OAuth)但这些还显得有点复杂(我读过的OAuth没有辅助类是足以让最优秀的开发哭,我不是最好的)。 Janrain看起来它可能工作,但它看起来像你必须支付每年2500多身份验证的用户...
I've also read about people implementing their own HMAC solution (https://github.com/cuongle/WebAPI.Hmac) or using OAuth (https://github.com/maksymilian-majer/DevDefined.OAuth) but these also seem a bit complex (I've read that OAuth without the helper class is enough to make the best developers cry, and I'm not the best). Janrain looks like it might work, but it looks like you have to pay for more than 2,500 authenticated users per year ...
什么是实现对网页API一个简单的身份提供者与安全的最佳方法是什么?
What is the best way to implement a simple identity provider and security for Web Api?
谢谢!
推荐答案
我已尝试之前,你回答这个类似的问题<一href=\"http://stackoverflow.com/questions/11438517/create-an-oauth-2-0-service-provider-using-dotnetopenauth/11644882#11644882\">Create使用DotNetOpenAuth一个OAuth 2.0服务提供商,我强调了Thinkecture身份服务器。该安装说明不是太困难(恕我直言)安装视频
I have attempted to answer a similar question to this before Create an OAuth 2.0 service provider using DotNetOpenAuth where I highlighted the Thinkecture Identity Server. The Setup instructions not too difficult (IMHO) The installation video is here and should help a lot.
我已经更新了我的大回答这个太多,但也有一个相当轻量级O型验证2.0实现在这里例如样品code <一个href=\"http://community.$c$csmithtools.com/$c$cSmith_Community/b/tdupont/archive/2011/03/18/oauth-2-0-for-mvc-two-legged-implementation.aspx\"相对=nofollow>这里 <一个href=\"http://$c$c.google.com/p/$c$csmith/downloads/detail?name=OAuth2.zip&can=2&q=#makechanges\" rel=\"nofollow\">http://$c$c.google.com/p/$c$csmith/downloads/detail?name=OAuth2.zip&can=2&q=#makechanges
I have updated my older answer with this too but there is also a fairly lightweight O-Auth 2.0 implementation example here Sample code here http://code.google.com/p/codesmith/downloads/detail?name=OAuth2.zip&can=2&q=#makechanges
您是否也在这里<读这口井关节问题href=\"http://stackoverflow.com/questions/11889556/authenticating-requests-from-mobile-iphone-app-to-asp-net-web-api-feedback-re\">Authenticating从手机(iPhone)应用ASP.Net的Web API(反馈要求对我的设计)
这篇关于身份验证MVC4网页API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
