[英]Authenticate HTTP requests
I'm developing an API that receives HTTP requests from the Internet. 我正在开发一种API,该API可以从Internet接收HTTP请求。 One of the problems I'm facing is how to authenticate those requests in order to know that they are actually coming from a specific IP address.
我面临的问题之一是如何对那些请求进行身份验证,以便知道它们实际上来自特定的IP地址。
Any ideas? 有任何想法吗?
Thank you! 谢谢!
Given that it's truly the IP address that you're needing to authenticate, and not any sort of user, then HTTP is too high on the networking stack. 鉴于它确实是您需要认证的IP地址,而不是任何类型的用户,因此HTTP在网络堆栈上太高了。 You need something like IPSec or WireGuard to authenticate IP addresses.
您需要IPSec或WireGuard之类的东西来认证IP地址。
I suggest to redirect user to authenticate on HTTPS server that generates a token for him and then with that token request the infos on the HTTP server, so even a man in the middle can obtain current session and when the user logout it is useless. 我建议将用户重定向到HTTPS服务器上的身份验证,该服务器会为他生成令牌,然后使用该令牌请求HTTP服务器上的信息,因此即使是中间人也可以获取当前会话,并且当用户注销时它是无用的。
And then you can even validate the IP from login on HTTPS on each HTTP request. 然后,您甚至可以通过在每个HTTP请求上登录HTTPS来验证IP。
Edit: I think the whole process is explained really well here 编辑:我认为整个过程在这里解释得很好
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.