
Get unique identifier of client in Asp.Net WebApi Core 2.0?

I'm looking for a unique identifier of clients in WebApi Core 2.0.
I tested HttpContext.Connection.Id, it's the same for all browsers!

[HttpGet]
public IActionResult GetConnectionId()
{
    return Ok(new
    {
        ConnectionId = HttpContext.Connection.Id
    });
}

I also tested it with a virtual machine; it was the same for all clients.
How can I get a unique identifier of clients in Asp.Net WebApi Core 2?

There is no such thing as a "unique identifier for a client". HTTP is stateless. The HTTP protocol is actually designed in such a way on purpose. Any client should be able to communicate with any server, regardless of past communication. This enables concepts like load-balancing, failover, etc.

Things like sessions, cookies, etc., have been layered on top of the HTTP protocol to enable a form of state, but rather than being a true feature of the protocol, they are a cooperative effort between servers and clients. Both the client and server must participate in the process to enable state to be achieved. Cookies, in particular, are what enable companies like Google, Facebook, et al., to track a user from site to site. However, as you've correctly indicated, cookies are incompatible with REST-based APIs.

Therefore, your only option is authentication. By forcing the client to authenticate, you can then know exactly the identity of the client and track that client's activities. Nothing else will suffice. There is no way to access client details such as a MAC address, because you can only access what the client chooses to share, and that is not one of those things. Even if it was, it could be manipulated. IP addresses once were somewhat identifying, but in this age of WAPs, proxies, VPNs and such, a single IP could be used by any number of unique clients. Also, again, the IP address can be spoofed as well, so even if you could identify a client by IP, it wouldn't ensure that you were truly dealing with that client.

There are various forms of authentication you can choose from. JWT (JavaScript Web Tokens) are popular nowadays, but you can just as easily use client authentication, certificate authentication, OAuth, OpenID, etc. The main point is to simply force the client to authenticate, in some form. Only then can you identify the client.
