Web服务器到C#应用程序的身份验证技术
[英]Techniques to Authenticate Web Server to C# Application
问题描述
I have a C# program that fetches XML from my server to display news, show update alerts, and control parts of the program behavior. 
我有一个C#程序,该程序从服务器中获取XML以显示新闻,显示更新警报以及控制程序行为的一部分。 What techniques do I have at my disposal to ensure the program is connected to a REAL server? 我可以使用哪些技术来确保程序连接到REAL服务器?
1 个解决方案
解决方案1
0 2011-12-05 02:56:00
Ususally I use SOAP web services for similar tasks. 通常,我将SOAP Web服务用于类似的任务。 To ensure only allowed clients can connect, I do use: 为了确保只有允许的客户端可以连接,我使用:
- Ensure only HTTPS connections are allowed. 确保仅允许HTTPS连接。
- Have an API key (
string) as an addition parameter to all web service methods.将API密钥( string)作为所有Web服务方法的附加参数。
By using the API key, the server can check a list of allowed API keys (eg stored in a database or simply a constant string) and reject non-allowed client requests with invalid API keys. 通过使用API密钥,服务器可以检查允许的API密钥列表(例如,存储在数据库中或仅存储为常量字符串),并使用无效的API密钥拒绝不允许的客户端请求。
An example would be: 一个例子是:
public class MyWebService :
WebService
{
[WebMethod]
public string GetXml(string apiKey)
{
if( isApiKeyValid(apiKey) )
{
var doc = new XmlDocument();
// TODO: generate XML document.
return doc.OuterXml;
}
else
{
throw new Exception("Invalid API key.");
}
}
}
The isApiKeyValid function would contain the logic to check whether the passed API key is valid or invalid. isApiKeyValid函数将包含检查所传递的API密钥是否有效的逻辑。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.