Why use SOAP as authentication in webservice?

I am looking at this tutorial http://www.codeproject.com/KB/cpp/authforwebservices.aspx and I am wondering what the reason for using authentication through soap is? Like why not just pass the username and password through the parameters instead?

Is it more secure to do it the way the guy in the tutorial does, versus just passing it through as parameters?

Thanks

Because there are standards for authenticating WS-* SOAP Based Web Services.

WS-Security is the culprit at work here.

It allows for anything from username/password token authentication to X.509 authentication. You can also use the username/password or X.509 to encrypt the body of the SOAP message so that your information is harder to get at.

As a side note, .NET 2.0 has Web Service Extensions (WSE) 3.0 for this so you don't have to hand roll your own (which is what the author of your article did). In .NET 3.5 you would use WCF which has support for WS-Security built in.
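The WS-Security username/password token mentioned in the answer above, as an added example that is not part of the original thread or the linked tutorial: it builds a `UsernameToken` header in PasswordDigest form and verifies it on the server with freshness and replay checks. The function names, the `lookup_password` callback and the in-memory nonce set are assumptions made for illustration.

```python
import base64, hashlib, hmac, os
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from xml.sax.saxutils import escape

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE, WSU = OASIS + "wssecurity-secext-1.0.xsd", OASIS + "wssecurity-utility-1.0.xsd"
DIGEST = OASIS + "username-token-profile-1.0#PasswordDigest"
NS = {"s": SOAP, "wsse": WSSE, "wsu": WSU}

def password_digest(nonce: bytes, created: str, password: str) -> str:
    # UsernameToken Profile: Base64(SHA-1(nonce + created + password))
    raw = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(raw).decode()

def build_envelope(user, password, body_xml, now=None):
    """Client side: credentials travel in the SOAP header, not in the method parameters."""
    created = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    nonce = os.urandom(16)
    return (
        f'<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">'
        f'<s:Header><wsse:Security><wsse:UsernameToken>'
        f'<wsse:Username>{escape(user)}</wsse:Username>'
        f'<wsse:Password Type="{DIGEST}">{password_digest(nonce, created, password)}</wsse:Password>'
        f'<wsse:Nonce>{base64.b64encode(nonce).decode()}</wsse:Nonce><wsu:Created>{created}</wsu:Created>'
        f'</wsse:UsernameToken></wsse:Security></s:Header>'
        f'<s:Body>{body_xml}</s:Body></s:Envelope>')

def verify(envelope, lookup_password, seen_nonces, now=None, max_age=timedelta(minutes=5)):
    """Server side: return the authenticated username, or None if the token is bad."""
    try:
        tok = ET.fromstring(envelope).find("s:Header/wsse:Security/wsse:UsernameToken", NS)
        pw = tok.find("wsse:Password", NS) if tok is not None else None
        if pw is None or pw.get("Type") != DIGEST:
            return None
        user, created = tok.findtext("wsse:Username", "", NS), tok.findtext("wsu:Created", "", NS)
        nonce = base64.b64decode(tok.findtext("wsse:Nonce", "", NS), validate=True)
        ts = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except (ValueError, ET.ParseError):
        return None
    password = lookup_password(user)  # hypothetical credential-store callback
    fresh = abs((now or datetime.now(timezone.utc)) - ts) <= max_age
    if password is None or not fresh or nonce in seen_nonces:  # unknown user, stale, replay
        return None
    expected = password_digest(nonce, created, password)
    if not hmac.compare_digest((pw.text or "").encode(), expected.encode()):
        return None
    seen_nonces.add(nonce)
    return user
```

Digest mode keeps the password itself off the wire but requires the server to hold the plaintext password or an equivalent, and it does not protect the message body; pair it with TLS or WS-Security signing and encryption.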

Well, no, the way that guy is doing it does not add any extra security at all. However, authentication via soap headers has several advantages when implemented correctly, using the WS* stack. The WS* stack is heavily based on X.509 certificates used for signing and encryption. One of the main advantages of this is that identities can be propagated from one service to another, without having to hold on to sensitive information such as username and password.

Check out SOAP Header, which can be signed and encrypted when needed, and is supported by any (self-respecting) SOAP development environment...
