[英]Techniques to Authenticate Web Server to C# Application
I have a C# program that fetches XML from my server to display news, show update alerts, and control parts of the program behavior. 我有一个C#程序,该程序从服务器中获取XML以显示新闻,显示更新警报以及控制程序行为的一部分。 What techniques do I have at my disposal to ensure the program is connected to a REAL server?
我可以使用哪些技术来确保程序连接到REAL服务器?
Ususally I use SOAP web services for similar tasks. 通常,我将SOAP Web服务用于类似的任务。 To ensure only allowed clients can connect, I do use:
为了确保只有允许的客户端可以连接,我使用:
string
) as an addition parameter to all web service methods. string
)作为所有Web服务方法的附加参数。 By using the API key, the server can check a list of allowed API keys (eg stored in a database or simply a constant string) and reject non-allowed client requests with invalid API keys. 通过使用API密钥,服务器可以检查允许的API密钥列表(例如,存储在数据库中或仅存储为常量字符串),并使用无效的API密钥拒绝不允许的客户端请求。
An example would be: 一个例子是:
public class MyWebService :
WebService
{
[WebMethod]
public string GetXml(string apiKey)
{
if( isApiKeyValid(apiKey) )
{
var doc = new XmlDocument();
// TODO: generate XML document.
return doc.OuterXml;
}
else
{
throw new Exception("Invalid API key.");
}
}
}
The isApiKeyValid
function would contain the logic to check whether the passed API key is valid or invalid. isApiKeyValid
函数将包含检查所传递的API密钥是否有效的逻辑。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.