[英]Web API authentication like Facebook, Twitter and Google
I need to develop an external API, and I want to implement authentication with a client ID and a secret key just like Facebook, Twitter, Google and Microsoft do. 我需要开发一个外部API,并且要像使用Facebook,Twitter,Google和Microsoft一样,使用客户端ID和密钥来实现身份验证。
I have read some tutorials about OAuth2, but his generated token is temporary, and clients need to pass the username and password to get a token. 我已经阅读了有关OAuth2的一些教程,但是他生成的令牌是临时的,客户端需要传递用户名和密码才能获得令牌。
So, what I want is to give a client ID and a secret key to every client that will use my API, and they should pass this data on every method they call. 因此,我想要为每个将使用我的API的客户端提供一个客户端ID和一个秘密密钥,并且他们应该在调用的每个方法上传递此数据。 Before returning the result, API checks if the request is valid.
在返回结果之前,API将检查请求是否有效。
What is the best way to do this? 做这个的最好方式是什么?
I think what you're looking for is 'Basic Authentication'. 我认为您正在寻找的是“基本身份验证”。 Here's a very simple tutorial to follow in order to fulfill your requirements: http://www.c-sharpcorner.com/blogs/basic-authentication-in-webapi
以下是满足您要求的非常简单的教程: http : //www.c-sharpcorner.com/blogs/basic-authentication-in-webapi
It goes without saying that you should set your site to force https so that the credentials in request header are encrypted. 不用说,您应该将站点设置为强制使用https,以便对请求标头中的凭据进行加密。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.