身份管理-保护REST API / Web服务
[英]Identity Management - securing a REST API / web service
问题描述
What are the practices in 2015 in the companies you work in to provide the highest security level when designing a REST API / web service? 
在设计REST API /网络服务时,您所在的公司在2015年有哪些实践可提供最高的安全级别?
Please answer taking into account Identity Management . 请回答考虑到身份管理 。
For example - do you still use hashes for passwords in your databases? 例如-您是否还在数据库中使用哈希作为密码? I am sure many of you work in companies where the security level is of a great importance. 我相信你们中许多人在安全级别至关重要的公司工作。 I would be extremely grateful if you could share your current experience. 如果您能分享您的当前经验,我将不胜感激。
If it matters, we would like to use .NET 5 with their newest Web Api. 如果有关系,我们希望将.NET 5与他们最新的Web Api一起使用。
EDIT Opinion based? 编辑基于意见? I am asking for what people use to secure their services nowadays, there is nothing to be opinion based. 我要问的是当今人们使用什么来确保他们的服务,没有什么可以基于意见的。
1 个解决方案
解决方案1
2 已采纳 2015-05-27 15:28:54
It's best to avoid doing your own identity management all together. 最好避免一起进行自己的身份管理。 For applications used within your company, use your Active Directory ( ADFS ) or cloud based directory ( Azure AD ). 对于公司内部使用的应用程序,请使用Active Directory( ADFS )或基于云的目录( Azure AD )。
For all other (internet) applications, use a social identity provider like Facebook , Google or Twitter . 对于所有其他(互联网)应用程序,请使用社交身份提供商,例如Facebook , Google或Twitter 。
Your users don't need another username and password to remember and you don't need the headaches of storing passwords and doing password resets. 您的用户不需要记住其他用户名和密码,也不需要麻烦存储密码和重置密码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.