如何解决此Asp.Net Web API安全问题
[英]How to approach this Asp.Net web api security issue
问题描述
I've build an Asp.Net web api for being able to make ajax calls from my app to my database thru this api. 
我建立了一个Asp.Net网络api,以便能够通过此api从我的应用程序对数据库进行ajax调用。 There is this specific column called "likes" that i'm concerned about since it's a public api i dont want people to be able to just make an http call to update the "likes" value to whatever value they want to. 我关心的是这个称为“喜欢”的特定列,因为它是一个公共api,我不希望人们能够通过http调用将“喜欢”值更新为他们想要的任何值。 My app makes sure that they only can like something once. 我的应用程序确保他们只能喜欢一次。 My question is unfortunately not that specific because i simply dont know how to specify it, but does anyone have any idea of how to approach this? 不幸的是,我的问题不是那么具体,因为我根本不知道如何指定它,但是有人对如何解决这个问题有任何想法吗? I checked into authorization, tokens, ssl etc, but it feels like there must be a shorter way for this problem with denying people to update this column outside of the app? 我检查了授权,令牌,ssl等,但是似乎必须通过拒绝人们在应用程序外部更新此列的方法来解决此问题? Any help highly appreciated, 任何帮助,高度赞赏,
Thanks! 谢谢!
1 个解决方案
解决方案1
2 已采纳 2015-02-28 15:55:35
You could pass the username or unique user identifier to the likes API endpoint. 您可以将用户名或唯一的用户标识符传递给likes API端点。 Then on the server side, you can validate the user exists and only allow them to like something once. 然后在服务器端,您可以验证用户的存在,并且只允许他们喜欢一次。 Any additional requests from that user to like the same item can be ignored. 该用户对相同项目的其他任何请求都可以忽略。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.