
API authentication and authorization

What is the result if I use the No Auth type and at the same time pass the token inside the body, then read that token and make my own filter?

You'll be much better off finding a replacement authorization and/or authentication library if you don't like the built-in one. If there's something about the default auth configuration you don't like, there's probably a way to change those defaults -- ASP.NET Core authorization and authentication have been greatly improved to support most common scenarios. I would recommend picking a preexisting library for these two functionality items and posting questions about them as you run into issues.

It's completely up to you, but I won't recommend passing the token in the body.

In a POST request you have to pass some data along with the token, so your request body will look like this:

{
    "Token": "sdfjklsklfjsdkljfskljflskjfskljflsdk",
    "data": {
        "FirstName": "Pankaj",
        "LastName": "Rawat"
    }
}

C# Employee.cs

// The model you would like to bind the POST body to directly.
public class Employee
{
    public string FirstName { get; set; }
    public string LastName { get; set; }
}

You will not be able to map your POST data directly to your type object, and you need to write extra code to separate the token from the data.

Most of the time we pass all the big JSON parameters in the method body; every time, you need to deserialize your request body to get the token (even if the token is invalid or not present).

You can write your own auth filter, but you should pass the token in the request header.

In future, you might have to add multiple fallbacks for different content-type cases. Say for now you are passing the data in the body as a JSON string and later wish to handle authentication in a new API which uses form-data (to support files); then you would end up handling multiple cases.

I would recommend you use headers to handle authentication-related information: the Authorization header.

(Using existing libraries or building your own library is up to your choice.)
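The two answers above both recommend reading the token from the Authorization header instead of the body. As an added example (not code from the question or the answerers), this is a minimal ASP.NET Core authorization filter that does exactly that: it runs before model binding, so an invalid or missing token is rejected without deserializing the body, and the action can bind `Employee` directly instead of an envelope type. `ITokenValidator` is a hypothetical interface standing in for real token validation (e.g. JWT validation); the controller and route are assumed for illustration.

```csharp
using System;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

// Hypothetical hook; in a real app back this with JWT/reference-token validation.
public interface ITokenValidator
{
    bool IsValid(string token);
}

// Authorization filter that reads "Authorization: Bearer <token>".
// Authorization filters run before model binding, so when the token is
// bad the request body is never parsed and the action never executes.
public sealed class HeaderTokenAuthorizationFilter : IAuthorizationFilter
{
    private const string Scheme = "Bearer ";
    private readonly ITokenValidator _validator;

    public HeaderTokenAuthorizationFilter(ITokenValidator validator) => _validator = validator;

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        string header = context.HttpContext.Request.Headers["Authorization"].ToString();

        if (!header.StartsWith(Scheme, StringComparison.Ordinal) ||
            !_validator.IsValid(header.Substring(Scheme.Length).Trim()))
        {
            // Short-circuit the pipeline with 401; no body deserialization happened.
            context.Result = new UnauthorizedResult();
        }
    }
}

// Same model as in the answer above: no "Token" wrapper is needed,
// so the POST body binds straight to Employee regardless of content type.
public class Employee
{
    public string FirstName { get; set; }
    public string LastName { get; set; }
}

[ApiController]
[Route("api/[controller]")]
public class EmployeeController : ControllerBase
{
    // Register ITokenValidator and the filter in DI, then apply it per action or per controller.
    [HttpPost]
    [ServiceFilter(typeof(HeaderTokenAuthorizationFilter))]
    public IActionResult Post([FromBody] Employee employee) => Ok(employee);
}
```

With the token in the body instead, the same check would require an envelope type (token plus data) and a full deserialization of every request before the token could even be inspected, which is the cost the answers warn about.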
