How to authenticate user with REST service - WCF WebHttpBinding?
I have a server-client project written in C#. I want to change the client side to a web client so we can open it with the browser. So I decided to make a WCF REST service that will replace the server side. The binding that I am using for the service is webHttpBinding. My problem is with the behavior of the service. The service data (vars etc.) is initialized after every call. If I add
[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerSession)]
it doesn't change anything. If I use
[ServiceBehavior(InstanceContextMode = InstanceContextMode.Single)]
it works, but I guess that the service instance will be the same for every client.
I have a simple HTML web page that gets a username and password from the client and posts it to the service. The service checks the login info with the user database and responds. My problem is that I can't save the user status as logged in or not, because after every post/get method the service is reset.
What should I do?
This is a pretty standard issue you have to deal with when trying to maintain a session over HTTP, which is what webHttpBinding is using. Even if you try to force it to have a session, it won't. RESTful services don't work that way.
A high-level overview of what you have to do is have the service create a token it gives the client upon initial authentication (probably to be stored in a cookie), which the client will then send back with each request. The service can then use that token to check if the client is logged into a particular account with each request. You probably want to make tokens expire after a certain duration (might be 1 month, 1 week, 1 day, 10 minutes, depending on your application).
You can find some more information here:
RESTful Authentication
SPA best practices for authentication and session management
Authentication, Authorization and Session Management in Traditional Web Apps and APIs
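The token scheme described in the answer above, as an added example that is not part of the original post. The names SessionTokens, Issue, TryValidate and Revoke are hypothetical, and the in-memory store assumes a single service process.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Hypothetical helper: a process-wide token store. It is static because, over
// webHttpBinding, instance fields of the service do not survive between calls.
public static class SessionTokens
{
    private sealed class Entry { public string User; public DateTime ExpiresUtc; }
    private static readonly ConcurrentDictionary<string, Entry> Store = new ConcurrentDictionary<string, Entry>();

    // Call only after the username/password check succeeded; hand the token to
    // the client, for example in a cookie marked HttpOnly and Secure.
    public static string Issue(string user, TimeSpan lifetime)
    {
        var bytes = new byte[32]; // 256 random bits, so tokens cannot be guessed
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        string token = BitConverter.ToString(bytes).Replace("-", ""); // hex is cookie-safe
        Store[token] = new Entry { User = user, ExpiresUtc = DateTime.UtcNow + lifetime };
        return token;
    }

    // Call at the start of every operation with the token the client sent back.
    public static bool TryValidate(string token, out string user)
    {
        user = null;
        Entry e;
        if (string.IsNullOrEmpty(token) || !Store.TryGetValue(token, out e)) return false;
        if (e.ExpiresUtc <= DateTime.UtcNow) { Store.TryRemove(token, out e); return false; }
        user = e.User;
        return true;
    }

    // Logout: the token stops working immediately.
    public static void Revoke(string token) { Entry e; if (token != null) Store.TryRemove(token, out e); }
}

public static class Demo
{
    public static void Main()
    {
        string t = SessionTokens.Issue("alice", TimeSpan.FromMinutes(10)); // constructed user name
        string who;
        Console.WriteLine(SessionTokens.TryValidate(t, out who) + " " + who);
        Console.WriteLine(SessionTokens.TryValidate("forged-token", out who));
        SessionTokens.Revoke(t);
        Console.WriteLine(SessionTokens.TryValidate(t, out who));
    }
}
```

Inside a WCF operation the incoming cookie can be read from WebOperationContext.Current.IncomingRequest.Headers and its token value passed to TryValidate before any work is done.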