客户端JavaScript应用程序和服务器端HTTP API之间的身份验证?
[英]Authentication between client-side JavaScript application and Server Side HTTP API?
问题描述
I have built some server-side APIs work through HTTP, for my client-side applications only. 
我已经构建了一些服务器端API,通过HTTP工作,仅用于我的客户端应用程序。 So, is it possible to authenticate applications between client-side and server-side; 那么,是否可以在客户端和服务器端之间验证应用程序; and how to? 怎么样?
1 个解决方案
解决方案1
8 已采纳 2011-01-10 00:34:19
There are two options: 有两种选择:
- Sessions 会议
- HTTP authentication HTTP身份验证
The idea behind session is that the server sends a hard to guess value to the client and the client subsequently passes that value back to the server on each request. 会话背后的想法是服务器向客户端发送难以猜测的值,客户端随后在每次请求时将该值传递回服务器。 That way, the server knows from which client the request likely comes from and can keep track of whether the client has authenticated itself with the server (eg by having provided username and password on an earlier request). 这样,服务器知道请求可能来自哪个客户端,并且可以跟踪客户端是否已经用服务器认证了自己(例如,通过在先前的请求上提供了用户名和密码)。
HTTP authentication relies on the client passing authentication credentials (usually username and password) in the request header to the server with every request. HTTP身份验证依赖于客户端在每次请求时将请求标头中的身份验证凭据(通常是用户名和密码)传递给服务器。 This is usually initiated by the server sending a 401 Unauthorized response, which usually leads to the client prompting the user for a username and password. 这通常由服务器发送401 Unauthorized响应启动,这通常会导致客户端提示用户输入用户名和密码。 These information are then passed to the server, validated and (upon success) answered with the usual 200 Found . 然后将这些信息传递给服务器,验证并(成功时)用通常的200 Found回答。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.