堆栈内存溢出
  简体   繁体   English

验证从桌面应用程序到我的网站的HTTP请求

[英]Authenticate HTTP requests from desktop application to my website

 原文  2011-08-23 20:56:29       c#/ desktop-application

问题描述

I am making a desktop software in C#. 我正在用C#制作桌面软件。 This software will send Http requests to my site which has a php script to respond to the requests, at regular intervals. 该软件会定期向我的站点发送Http请求,该站点具有一个php脚本来响应请求。 On my site, I need to verify that the request came from the software and not by the user from his own program. 在我的网站上,我需要验证请求是否来自软件,而不是用户来自其自己的程序。 I mean the user can replicate the POST string and start making requests to my server. 我的意思是用户可以复制POST字符串并开始向我的服务器发出请求。 I guess to do that I will have to send some certificates along with the request as Microsoft Applications do it. 我想这样做是因为Microsoft应用程序必须随请求一起发送一些证书。 I searched for it but did not not find anything useful.Please tell me how to authenticate . 我搜索了它,但没有找到任何有用的信息。请告诉我如何进行身份验证。

1 个解决方案

解决方案1
 0  2011-08-23 21:06:32

What you need to do is create a cryptographic signature to append to the request in a header. 您需要做的是创建一个加密签名,以在标头中附加到请求。 What I mean by that is that you take some relevant aspects of the request like URL, form values, date / time and then create a cryptographic signature that your application presents as proof that it possesses your crypto cert. 我的意思是,您需要处理请求的一些相关方面,例如URL,表单值,日期/时间,然后创建一个加密签名,应用程序将其呈现为证明其拥有您的加密证书的证据。 Here's a simple example: 这是一个简单的例子:

Cryptographic Signatures 密码签名

Like I said, you generate this signature and then append it as an HTTP header to the request. 就像我说的,您生成此签名,然后将其作为HTTP标头附加到请求中。 Then, your server software needs to verify the signature. 然后,您的服务器软件需要验证签名。 If it can verify the signature, you can be reasonably sure that the requester possesses the cert and that the request is (probably) coming from your software. 如果可以验证签名,则可以合理地确定请求者拥有证书,并且该请求(可能)来自您的软件。

A savvy user can still decompile your code, get the cert and construct their own requests, but at least you've made it vastly more difficult. 精明的用户仍然可以反编译您的代码,获取证书并构造自己的请求,但是至少您使它变得更加困难。 The best you could do to protect against that would be to have your certs expire at regular intervals, but then you have to manage getting the new certs to customers. 您可以采取的最好措施是,使证书定期失效,但随后您必须设法将新证书提供给客户。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 将数据从我的远程网站中的javascript函数传递到桌面应用程序上的ac#应用程序 - Passing data from a javascript function in my remote website to a c# application on my desktop application C#和LinkedIn:从桌面应用程序验证用户身份吗? - C# & LinkedIn: authenticate user from desktop application? 通过桌面应用程序控制网站 - Control website via desktop application 黑客可以超越桌面应用程序的Internet http剩余呼叫吗? - Can a hacker surpass internet http rest calls from desktop application? 确保我的C#桌面应用程序正在向ASP .NET MVC操作发出请求? - Ensure that my C# desktop application is making requests to my ASP .NET MVC action? Rails 3.2-允许来自.NET客户端应用程序的HTTP请求 - Rails 3.2 - Allowing HTTP Requests from .NET Client Application 标记用户从我的应用程序访问网站 - Mark users coming to website from my application 如何在Windows桌面应用程序中使用表单身份验证对用户进 - How to authenticate user with form authentication in Windows Desktop Application 无法从我的Windows 8.1应用程序发送HTTP请求 - Can't send HTTP requests from my Windows 8.1 app 有没有一种简单的方法可以使用Office 365 API对WPF桌面应用程序进行身份验证? - Is there a simple way to authenticate WPF Desktop application with Office 365 API?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM