[英]I was able to pass username and password to webservice, but its not the way i need to secure from unauthorized user
This is another question I have about web services and securing them. 这是我关于Web服务和保护它们的另一个问题。 I made a WCF Web Service and this is the code that I used...
我制作了WCF Web服务,这是我使用的代码...
[OperationContract]
[WebInvoke(Method = "GET")]
string myData(string name, string pass);
and this is the code that I use to interact with the web service... 这是我用来与Web服务交互的代码...
public string myData(string a, string b)
{
if (a == "chris" && b == "pass")
return "You did it";
else
return "Nope";
}
I know this looks basic and I understand that I can add more functionality to it, but I don't think this is the way I need. 我知道这看起来很基础,我知道可以为其添加更多功能,但是我认为这不是我所需要的。 It looks a little dirty to me.
对我来说有点脏。
If have a web service sitting on a server and if someone tries to use the service, I would like a pop up to ask for a username and password, so I can verify that they are in the database and they can proceed invoking the web service. 如果服务器上有Web服务,并且有人尝试使用该服务,那么我想弹出一个窗口来询问用户名和密码,这样我就可以验证它们是否在数据库中并且可以继续调用该Web服务。 。
For this to be done, should I set up authentication in IIS to do this? 为此,我应该在IIS中设置身份验证来执行此操作吗? I think I'm over thinking things.
我想我已经想不通了。 My client just wants me to be able to secure the web service from unauthorized users.
我的客户只是希望我能够保护Web服务免受未经授权的用户的侵害。 So That's what I am running into an issue with, I'm not sure the correct way to secure everything from unauthorized access, should (and how) this be done in IIS or just use the code that I provided.
所以这就是我遇到的一个问题,我不确定要确保所有内容免受未经授权的访问的正确方法,应该(以及如何)在IIS中完成此工作,或者仅使用我提供的代码。
I apologize if this kind of question has been asked a million times but the question is always different and so are the answers. 如果这种问题问了一百万次,我很抱歉,但是问题总是不同的,答案也是如此。
You should set your authentication method say forms authentication and set you credential in request. 您应该设置身份验证方法,例如表单身份验证,并在请求中设置凭据。 Also better do it as HTTPS.
也最好将其作为HTTPS。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.