Strategy for protecting client side web services
Problem description
I have a WCF service called by $.ajax({ url: 'service.svc?a=1', dataType: "JSONP", ...}) on one of the pages of mysite.com (100% client side stack). I want to limit service usage to mysite.com users only. Is it possible to do it, and if so, how?
The only idea I have for now is introducing a 'via' parameter, which'd help me to understand via which www my service was accessed.
P.S. I'm really struggling to come up with a good title, please feel free to change it!
Recommended answer
If you are hosting your application on IIS you can just add this to your web.config:
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin" value="*" />
      <add name="Access-Control-Allow-Methods" value="GET, POST" />
    </customHeaders>
  </httpProtocol>
</system.webServer>
For Access-Control-Allow-Origin you can set your application address: Access-Control-Allow-Origin: http://domain1.com, http://domain2.com
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin" value="http://domain1.com" />
      <add name="Access-Control-Allow-Methods" value="GET, POST" />
    </customHeaders>
  </httpProtocol>
</system.webServer>
You can also reach the goal by writing a behaviour which adds a specific header to each message. Here is a guide: http://blogs.msdn.com/b/carlosfigueira/archive/2012/05/15/implementing-cors-support-in-wcf.aspx
There is a constant CorsConstants.Origin; you can set your domain instead.
To check if the response has the required header you can use Fiddler.
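Added example (not part of the original answer or of the linked guide): a response carries a single Access-Control-Allow-Origin value, so a service used from several sites typically compares the request's Origin header with an allow-list and echoes the match. The JavaScript below sketches that per-request decision, which a custom WCF behaviour could apply; corsHeadersFor, ALLOWED_ORIGINS and the sample requests are hypothetical names and constructed values.

```javascript
// Constructed values for illustration; not taken from a real deployment.
const ALLOWED_ORIGINS = new Set(['http://domain1.com', 'http://domain2.com']);
const ALLOWED_METHODS = ['GET', 'POST'];

// Returns the CORS response headers for one request.
// requestHeaders: object with lower-cased header names (assumption).
function corsHeadersFor(method, requestHeaders) {
  const origin = requestHeaders['origin'];
  // The response differs per caller, so caches must key on Origin.
  const headers = { 'Vary': 'Origin' };
  // Exact match only: a prefix or substring test would also accept
  // look-alike hosts such as http://domain1.com.example.net.
  if (typeof origin !== 'string' || !ALLOWED_ORIGINS.has(origin)) {
    return headers; // no Access-Control-* header, browser refuses the read
  }
  headers['Access-Control-Allow-Origin'] = origin; // one origin, echoed back
  const isPreflight = method === 'OPTIONS' &&
    'access-control-request-method' in requestHeaders;
  if (isPreflight) {
    headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS.join(', ');
  }
  return headers;
}

// Constructed sample requests covering the allowed and rejected cases.
const SAMPLE_REQUESTS = [
  { method: 'GET', headers: { origin: 'http://domain1.com' } },
  { method: 'GET', headers: { origin: 'http://domain2.com' } },
  { method: 'OPTIONS', headers: { origin: 'http://domain1.com',
                                  'access-control-request-method': 'POST' } },
  { method: 'GET', headers: { origin: 'http://domain1.com.example.net' } },
  { method: 'GET', headers: { origin: 'https://domain1.com' } },
  { method: 'GET', headers: {} },
];

// Evaluates every sample and reports whether the origin was allowed.
function evaluateSamples() {
  return SAMPLE_REQUESTS.map(r => ({
    origin: r.headers.origin || '(none)',
    allowed: 'Access-Control-Allow-Origin' in corsHeadersFor(r.method, r.headers),
  }));
}

console.log(evaluateSamples());
```

These headers are enforced by the browser only, and a JSONP call is loaded through a script tag, which is not subject to them.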