授权Web服务请求
[英]Authorize Web Service Requests
问题描述
We have built numerous web services and hosted them on our internal servers and these will be used by our iPhone application. 
我们已经构建了许多Web服务并将它们托管在我们的内部服务器上,这些服务将由我们的iPhone应用程序使用。 End users of the iPhone app need not sign into the application, they can just use the app without any credentials. iPhone应用程序的最终用户无需登录应用程序,他们可以在没有任何凭据的情况下使用该应用程序。
Whenever web services receive a request; 每当Web服务收到请求时; I want to authorize that these requests are coming from iPhone app. 我想授权这些请求来自iPhone应用程序。 How can i do this? 我怎样才能做到这一点?
Thanks! 谢谢!
1 个解决方案
解决方案1
3 已采纳 2012-09-25 17:47:05
How safe do you want it to be ? 你想要它有多安全?
The dead simple and widely used technique is to require all webservice request include an ApiKey header. 死的简单且广泛使用的技术是要求所有web服务请求包括ApiKey头。 The server must then validate the ApiKey against a known list of allowed ApiKeys. 然后,服务器必须根据允许的ApiKeys的已知列表验证ApiKey。 If communication is done over SSL this is fairly safe (would require disassembly of the client code to find the key), on the other hand if communication is plain http, the ApiKey can be easily sniffed. 如果通过SSL进行通信,这是相当安全的(需要反汇编客户端代码才能找到密钥),另一方面,如果通信是纯HTTP,则可以轻松地嗅探ApiKey。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.