
External Authentication Services with a Client page

I am using a Facebook/Twitter logged-in user to authenticate my Web API. I followed this

Okay, that was most likely what I want. But my view page will be differently hosted. That is, the user will be logging in with a different page and they will send an ajax request to get values from the API controller.

I would authorize the Web API only to a user who is logged in.

If by "differently hosted" you mean on separate domains, then you won't be able to share a cookie between the two. If you mean that the client is an iOS app or Windows Phone app running on a device, the general pattern is to use a "Browser Control" and build a little UI as part of your API site. You can show your users this UI in the browser control and then scrape the token out. If you use Azure ACS, this is much easier with the "javascriptnotify" protocol that enables the token to be pushed out of the browser control.

The best article I've seen on this is http://www.cloudidentity.com/blog/2012/04/04/authenticating-users-from-passive-ips-in-rich-client-apps-via-acs-2
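An added example, not part of the question or the answer above: since the login cookie is not shared with a page on another domain, the client has to present the token explicitly on each AJAX call, and the API has to validate it before serving data. The token format (an HMAC-signed payload), the `Authorization: Bearer` header and all function names here are assumptions for illustration, standing in for whatever token the API site actually issues.

```javascript
const nodeCrypto = require('crypto');

// Constructed demo key; a real API loads its signing key from protected configuration.
const SECRET = 'constructed-demo-secret';

function sign(data) {
  return nodeCrypto.createHmac('sha256', SECRET).update(data).digest('base64url');
}

// Issued by the API site once the external (Facebook/Twitter) login has succeeded.
function issueToken(userId, ttlSeconds, now = Date.now()) {
  const claims = { sub: userId, exp: now + ttlSeconds * 1000 };
  const payload = Buffer.from(JSON.stringify(claims)).toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Returns the user id, or null when the token is malformed, tampered with or expired.
function verifyToken(token, now = Date.now()) {
  const [payload, mac] = String(token).split('.');
  if (!payload || !mac) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (expected.length !== given.length) return null;
  if (!nodeCrypto.timingSafeEqual(expected, given)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  return typeof claims.exp === 'number' && claims.exp > now ? claims.sub : null;
}

// API-side gate for a request coming from the separately hosted page.
// The client sends the header itself, e.g.
//   fetch(apiUrl, { headers: { Authorization: 'Bearer ' + token } })
// `headers` uses lower-case keys, as Node's http module provides them.
function authorize(headers, now = Date.now()) {
  const match = /^Bearer (.+)$/.exec(headers.authorization || '');
  const user = match ? verifyToken(match[1], now) : null;
  return user ? { status: 200, user } : { status: 401 };
}
```

Because the header is set by script rather than attached by the browser, the API also needs to allow it in its CORS configuration for the client page's origin.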
