进行申请,使其成为唯一可以连接到我的WebAPI的应用程序
[英]Making an appliction so it is the only application that can connect to my WebAPI
问题描述
How is it possible to create an Application to interact with my WebAPI . 
如何创建与我的WebAPI交互的Application 。 The app will send some info to my website( WebAPI ) , and then I will update my database with this info, but the problem is how to secure it, so only my app that can interact with my website? 该应用程序会将一些信息发送到我的网站( WebAPI ),然后用该信息更新数据库,但是问题是如何保护它,因此只有我的应用程序可以与我的网站进行交互?
the application designed to be deployed to many computers. 该应用程序旨在部署到许多计算机。 and the users can use the application anonymously. 用户可以匿名使用该应用程序。 for an example the lightshot app 例如lightshot应用
1 个解决方案
解决方案1
0 2015-06-18 16:10:34
You can't limit access to a web site (or any IP port) to just one app. 您不能将对网站(或任何IP端口)的访问限制为仅一个应用程序。
Validate requests on server and possibly only allow access for authenticated users - that should be enough for most cases (except payed games). 验证服务器上的请求,可能仅允许经过身份验证的用户访问-在大多数情况下(付费游戏除外)就足够了。
You can make it harder to replay/re-create communication protocol: 您可以使重播/重新创建通信协议变得更加困难:
- require client certificate for HTTPS to connect 需要HTTPS的客户端证书才能连接
- frequently change code for client and protocol itself 经常更改客户端和协议本身的代码
- only allow authenticated users 只允许经过身份验证的用户
- rate-limit requests from same user to make it harder to revere engineer the protocol... 来自同一用户的速率限制请求,使其更难对协议进行工程设计...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.