
How to authenticate a website member in a Metro-style App

I have a website that uses WebMatrix user authentication (login/register pages) and I am making an app in Windows 8 release preview and would like to know if it is possible to authenticate users of my app (let users of my app sign in to my app) if they are registered members of my website? And if they are not, allow them to register through my app - but it appears that remote db connections are not possible in Metro apps - so I don't know what to do. Can somebody please help?

I've been searching for weeks but there still isn't a whole lot of official documentation out there.

You should never ever allow any client or user program to access your database directly (not even read access). People WILL abuse it one way or another and they might try exploits to gain write access if their access is restricted to reading. If you'd like a prominent example, Super Meat Boy did that exactly, and they got lots of database issues and abuse over last year's Christmas days (while their game was on (Steam) sale, so they got lots of additional upset players!).

I've never used WebMatrix, so I might be a bit off here, but in general you should have several possible approaches - all being better than doing direct database access:

  • Use some provided remote access (this might be some extra class or addon or whatever; IF available).
  • Write your own remote access tool. This would essentially be some special website accepting/returning text or data interpreted by your program. E.g. you could post the login credentials in an HTTP POST request and it could return ok or failed or something like that.
  • Essentially fake a web browser and access the standard URLs/scripts/systems provided by WebMatrix.
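
The second approach above, sketched as an added example that is not part of the original answer and is not WebMatrix code: a small Node.js login endpoint that checks posted credentials on the server and returns only `ok` or `failed`. The member store, the `/login` path and all function names are hypothetical, and the sample account is constructed.

```javascript
const crypto = require('crypto');
const http = require('http');

// Salted, slow password hash; only salt and hash are stored, never the password.
function hashPassword(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}
function makeMember(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: hashPassword(password, salt) };
}

// Constructed sample data standing in for the website's member table.
const members = new Map([['alice', makeMember('correct horse battery')]]);
// Dummy record so unknown user names cost the same hashing work as known ones.
const DUMMY = makeMember('unused');

// Returns 'ok' or 'failed' and nothing else: no rows, no reason for the failure.
function checkLogin(username, password) {
  if (typeof username !== 'string' || typeof password !== 'string') return 'failed';
  const member = members.get(username) || DUMMY;
  const candidate = hashPassword(password, member.salt);
  const match = crypto.timingSafeEqual(candidate, member.hash);
  return match && members.has(username) ? 'ok' : 'failed';
}

// Pure request handler: form-encoded POST body in, status and text out.
function handleLogin(method, body) {
  if (method !== 'POST') return { status: 405, text: 'failed' };
  const form = new URLSearchParams(body);
  const result = checkLogin(form.get('username'), form.get('password'));
  return { status: result === 'ok' ? 200 : 401, text: result };
}

// HTTP wrapper; run it behind TLS so credentials never travel in clear text.
function startServer(port) {
  return http.createServer((req, res) => {
    let body = '';
    req.on('data', (chunk) => {
      body += chunk;
      if (body.length > 4096) req.destroy(); // cap the request size
    });
    req.on('end', () => {
      const out = req.url === '/login'
        ? handleLogin(req.method, body)
        : { status: 404, text: 'failed' };
      res.writeHead(out.status, { 'Content-Type': 'text/plain' });
      res.end(out.text);
    });
  }).listen(port);
}
```

The app only ever sees the HTTP endpoint; the database connection and the password hashes stay on the server.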
