
How to authenticate user with rest service-wcf WebHttpBinding?

I have a server-client project written in C#. I want to change the client side to a web client so we can open it with the browser. So I decided to make a WCF rest service that will replace the server side. The binding that I am using for the service is webHttpBinding. My problem is with the behavior of the service. The service data (vars etc.) is initialized after every call. If I add the [ServiceBehavior(InstanceContextMode = InstanceContextMode.PerSession)] it doesn't change anything. If I use [ServiceBehavior(InstanceContextMode = InstanceContextMode.Single)], it works but I guess that the service instance will be the same for every client.

I have a simple HTML web page that gets a username and password from the client and posts it to the service. The service checks the login info with the user database and responds. My problem is that I can't save the user status as logged in or not because after every post/get method the service is reset.

What should I do?

This is a pretty standard issue you have to deal with when trying to maintain a session over HTTP, which is what webHttpBinding is using. Even if you try to force it to have a session, it won't. RESTful services don't work that way.

A high level overview of what you have to do is have the service create a token it gives the client upon initial authentication (probably to be stored in a cookie), which the client will then send back with each request. The service can then use that token to check if the client is logged into a particular account with each request. You probably want to make tokens expire after a certain duration (might be 1 month, 1 week, 1 day, 10 minutes, depending on your application).

You can find some more information here:

RESTful Authentication

SPA best practices for authentication and session management

Authentication, Authorization and Session Management in Traditional Web Apps and APIs
