使用Windows Azure服务获取客户端机密
[英]Get Client Secret using Windows Azure Service
问题描述
I am building a Windows Store App which provides users to authenticate themselves via authentication providers such as Facebook , Live , Twitter etc. 
我正在构建一个Windows Store应用程序,该应用程序向用户提供通过Facebook,Live,Twitter等身份验证提供程序进行身份验证的身份。
I am using Windows Azure Mobile Service to facilitate my authentication. 我正在使用Windows Azure移动服务来促进身份验证。 For certain authentication provider (such as twitter) I am storing the Client ID and secret in the app and using them to facilitate the authentication. 对于某些身份验证提供程序(例如twitter),我将客户端ID和密码存储在应用程序中,并使用它们来促进身份验证。
Can I obtain the Client Secret by passing details to Azure Service so that I don't need to store then in my app. 我可以通过将详细信息传递给Azure服务来获取“客户端机密”,这样我就不需要再将其存储在我的应用程序中了。
Thanks in advance. 提前致谢。
1 个解决方案
解决方案1
0 2014-01-03 19:23:22
Don't store any secrets in the application. 不要在应用程序中存储任何秘密。 Apps can be "reverse-engineered" and their code retrieved, after which the secrets would be no more. 可以对应用程序进行“逆向工程”并检索其代码,之后便不再需要任何秘密。 The best place to store secrets is in the back-end, and in the case of Azure Mobile Services, the application settings is a good way to do so. 存放秘密的最佳位置是后端,对于Azure移动服务, 应用程序设置是一种很好的存储方式。
If you want to access the twitter id and secret (ie, the "consumer key" and "consumer secret") which you set in the identity tab of the portal, you don't need to create new app settings for that, they're exposed in the config object (see the section titled "The mobile service configuration" in this post for more information). 如果要访问在门户的标识选项卡中设置的Twitter ID和机密(即“用户密钥”和“用户机密”),则无需为此创建新的应用程序设置,它们是再在配置对象露出(参照标题为“移动业务配置”的部分此信息的详细信息)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.