堆栈内存溢出
  简体   繁体   English

我能够将用户名和密码传递给Web服务,但这不是我需要防止未经授权的用户访问的方式

[英]I was able to pass username and password to webservice, but its not the way i need to secure from unauthorized user

 原文  2013-11-09 18:08:52       c#/ wcf/ web-services/ authentication/ iis-7

问题描述

This is another question I have about web services and securing them. 这是我关于Web服务和保护它们的另一个问题。 I made a WCF Web Service and this is the code that I used... 我制作了WCF Web服务,这是我使用的代码... 

    [OperationContract]
    [WebInvoke(Method = "GET")]
    string myData(string name, string pass);

and this is the code that I use to interact with the web service... 这是我用来与Web服务交互的代码... 

    public string myData(string a, string b)
    {
        if (a == "chris" && b == "pass")
            return "You did it";
        else
            return "Nope";
    }

I know this looks basic and I understand that I can add more functionality to it, but I don't think this is the way I need. 我知道这看起来很基础,我知道可以为其添加更多功能,但是我认为这不是我所需要的。 It looks a little dirty to me. 对我来说有点脏。

If have a web service sitting on a server and if someone tries to use the service, I would like a pop up to ask for a username and password, so I can verify that they are in the database and they can proceed invoking the web service. 如果服务器上有Web服务,并且有人尝试使用该服务,那么我想弹出一个窗口来询问用户名和密码,这样我就可以验证它们是否在数据库中并且可以继续调用该Web服务。 。

For this to be done, should I set up authentication in IIS to do this? 为此,我应该在IIS中设置身份验证来执行此操作吗? I think I'm over thinking things. 我想我已经想不通了。 My client just wants me to be able to secure the web service from unauthorized users. 我的客户只是希望我能够保护Web服务免受未经授权的用户的侵害。 So That's what I am running into an issue with, I'm not sure the correct way to secure everything from unauthorized access, should (and how) this be done in IIS or just use the code that I provided. 所以这就是我遇到的一个问题,我不确定要确保所有内容免受未经授权的访问的正确方法,应该(以及如何)在IIS中完成此工作,或者仅使用我提供的代码。

I apologize if this kind of question has been asked a million times but the question is always different and so are the answers. 如果这种问题问了一百万次,我很抱歉,但是问题总是不同的,答案也是如此。

1 个解决方案

解决方案1
 -1  2013-11-09 19:16:00

You should set your authentication method say forms authentication and set you credential in request. 您应该设置身份验证方法,例如表单身份验证,并在请求中设置凭据。 Also better do it as HTTPS. 也最好将其作为HTTPS。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我想将用户名和密码从html文件传递到(webservice)asmx文件。 我应该使用什么? - I want to pass the username and password from html file to (webservice )asmx file. what should i use? 无法通过传递 gmail 用户的用户名和密码从 azure 活动目录获取令牌 - not able to get the token from azure active directory by pass username and password for gmail user okta-asp.net Web表单-如何防止未经授权的用户导航到安全网页? - okta - asp.net web forms - how do I prevent an unauthorized user from navigating to a secure web page? 如何将用户名/密码凭据从php客户端传递到自托管的wcf服务? - How do I pass username/password credentials from php client to self-hosted wcf service? 如果我将密码作为字符串而不是安全字符串传递,是否总是不安全? - Is it always unsecure if I pass a password as a string and not as a secure string? 如何将标头中的用户名/密码传递给 SOAP WCF 服务 - How can I pass a username/password in the header to a SOAP WCF Service 如何通过反编译器向精明的用户隐藏硬编码的用户名和密码? - How can I hide a hard coded username and password from a savvy user with a decompiler? 如果用户输入正确的用户名和密码,我想从login.aspx重定向到address.aspx - I want to redirect from login.aspx to address.aspx if the user insert the correct username and password 将用户名/密码传递给SmtpClient(.NET)的正确方法 - Proper way to pass username/password to SmtpClient (.NET) 需要在 C# 中使用用户名和密码创建登录窗口,但是当我输入不正确的用户名或密码时,出现错误 - Need to make a login window with username and password in C# but when i introduce an incorrect username or password i get an error
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM