用户帐户的API体系结构
[英]API Architecture for User Accounts
问题描述
I'm currently developing a side-project, which will consist of a Database, Web API, and then different Apps on top which consume the restful API. 
我目前正在开发一个副项目,该项目将包含数据库,Web API,然后在顶部使用消耗静态API的其他应用程序。
I've started thinking about User accounts and how to make these secure. 我已经开始考虑用户帐户以及如何使其安全。 Currently, as a standard, I have the following model in the Data Layer: 目前,作为标准,我在数据层中具有以下模型:
public int Id { get; set; }
public string Username { get; set; }
public string Full_Name { get; set; }
public string Password { get; internal set; }
public string Salt { get; internal set; }
Now, obviously, when someone makes a request for /Users/{id}, the User associated with that Id is returned. 现在,很明显,当有人请求/ Users / {id}时,将返回与该ID关联的User。 However, I don't want to return the Password or Salt, so really don't want those to be part of the User model. 但是,我不想返回“密码”或“盐”,所以真的不希望它们成为用户模型的一部分。
I have toyed with the idea of creating a different, internal-only model for UserDetails, and shipping the Password/Salt, etc off into that. 我想到了为UserDetails创建一个不同的,仅限内部使用的模型,然后将密码/盐等发送到其中的想法。 However, I hit the snag of, when signing up to the service, how do I get a desired password from the user to the API? 但是,当我注册服务时遇到了麻烦,如何从用户到API获得所需的密码?
There's probably a really simple implementation of what I want to do, but I can't think of one right now. 我想做的事情可能很简单,但是我现在想不起来。 Any help would be greatly appreciated! 任何帮助将不胜感激!
1 个解决方案
解决方案1
1 已采纳 2015-02-22 17:13:51
You should use a special view model without the password property for this purpose. 为此,您应该使用没有密码属性的特殊视图模型。 Then inside your API you will map between your data model and the view model and return the view model out from your Web API method. 然后,在您的API内部,您将在数据模型和视图模型之间进行映射,并从Web API方法返回视图模型。 Same stands true for the Salt property as well. Salt属性也是如此。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.