如何保护我的WCF数据服务服务
[英]how to secure my WCF Data Service services
问题描述
I have already read this thread http://msdn.microsoft.com/en-us/library/dd728284(v=vs.110).aspx 
我已经阅读了该线程http://msdn.microsoft.com/zh-cn/library/dd728284(v=vs.110).aspx
I understand the micanizme and approach to secure my webservice. 我了解保护我的Web服务的技巧和方法。
My question is how to do that? 我的问题是怎么做?
I mean: I don't want everyone on the web to access this service 我的意思是:我不希望网络上的每个人都可以使用此服务
https://SOMETHING/SMS
So, should I send the username and password with every serivce? 那么,我应该在每次发送密码时都发送用户名和密码吗? then I check for these username and password. 然后我检查这些用户名和密码。 if correct i return the response? 如果正确,我返回响应?
1 个解决方案
解决方案1
0 2014-02-09 12:58:20
You can try configuring your IIS to enable Basic or Digest Authentication http://www.asp.net/web-api/overview/security/basic-authentication Turning on SSL will encrypt your messages. 您可以尝试将IIS配置为启用基本或摘要式身份验证http://www.asp.net/web-api/overview/security/basic-authentication启用SSL将加密您的消息。
Doing that, IIS will handle authentication and you wont need to perform any further in your code. 这样做,IIS将处理身份验证,您无需在代码中执行任何其他操作。
Another approach, without any IIS configuration would be: 没有任何IIS配置的另一种方法是:
- Define Username and password 定义用户名和密码
- Append your HTTP headers for the request to include this username:password field. 为请求添加HTTP标头,以包括此username:password字段。 This one can also be encrypted (eg base64 encoding) 这个也可以被加密(例如base64编码)
- In your server software, read your http headers to find your username:password. 在您的服务器软件中,阅读您的http标头以找到您的用户名:密码。 If it is not there, then return an HTTP 401 Unauthorized error. 如果不存在,则返回HTTP 401未经授权错误。 If username:password matches the one you defined, then the user is authenticated. 如果username:password与您定义的密码匹配,则对用户进行身份验证。
Both ways are almost the same thing. 两种方式几乎是同一回事。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.