什么是文物,提供安全的网络API在asp.net? [英] What are the artifacts, to provide security to web api in asp.net?
问题描述
无论我们需要在这个网络世界的安全。我们能提供的安全性,我们的asp.net的Web API。什么是用于直接攻击方面提供安全的Web API破解服务器数据的参数。什么是最好的实践和方法来提供安全的Web API中的点网?
Everywhere we need security in this web world. How can we provide the security to our asp.net Web api. what are the parameters for providing the security in terms of direct attack on web api to hack server data. What are the best practices and approach to provide security to Web API in dot net ?
推荐答案
有你需要的时候,你要保护Web API来考虑几件事情。
There are several things you need to take into consideration when you want to secure your Web API.
使用传输加密( HTTPS )将为您提供通信的服务器标识和保密性。
Using transport encryption (https) will provide you with server identity and confidentiality of the communication.
身份验证和授权会提供您只投放数据的用户被允许访问的能力。网页API是最常见的承载安全令牌,无论是由外部机构或应用程序本身提供的。
Authentication and authorization will provide you the ability to only serve data the users are allowed to access. Web API is most commonly secured with bearer tokens, either provided by an external authority or the application itself.
您还需要保护自己免受各种常见的攻击:
You also need to protect yourself against all kinds of common attacks:
- Cross site request forgery (CSRF)
- SQL injection
的ASP.NET Web API逃脱写入默认的输出数据,减轻一些SQL注入攻击。它也有<一个href=\"http://stackoverflow.com/questions/11476883/web-api-and-validateantiforgerytoken\">mitigation对于建在CSRF攻击。
ASP.NET Web API escapes data written to the output by default, mitigating some SQL injection attacks. It also has mitigation for CSRF attacks built in.
查看维基百科的安全测试了解详情。
See security testing on wikipedia for more information.
这篇关于什么是文物,提供安全的网络API在asp.net?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
