
Techniques to Authenticate Web Server to C# Application

I have a C# program that fetches XML from my server to display news, show update alerts, and control parts of the program behavior. What techniques do I have at my disposal to ensure the program is connected to a REAL server?

Usually I use SOAP web services for similar tasks. To ensure only allowed clients can connect, I do the following:

  • Ensure only HTTPS connections are allowed.
  • Have an API key (string) as an additional parameter to all web service methods.

By using the API key, the server can check a list of allowed API keys (e.g. stored in a database or simply a constant string) and reject non-allowed client requests with invalid API keys.

An example would be:

using System;
using System.Web.Services;
using System.Xml;

public class MyWebService : WebService
{
    [WebMethod]
    public string GetXml(string apiKey)
    {
        // Reject the request unless the caller supplied a known API key.
        if (isApiKeyValid(apiKey))
        {
            var doc = new XmlDocument();

            // TODO: generate XML document.

            return doc.OuterXml;
        }
        else
        {
            throw new Exception("Invalid API key.");
        }
    }
}

The isApiKeyValid function would contain the logic to check whether the passed API key is valid or invalid.
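
One way the isApiKeyValid check described above could be written, as an added example that is not part of the original answer. The class name ApiKeyValidator, its members and the sample keys are assumptions made for illustration; it compares SHA-256 digests in fixed time so that response timing does not leak how close a guessed key was.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example; ApiKeyValidator and its members are hypothetical names.
public static class ApiKeyValidator
{
    // SHA-256 digests of the allowed keys. A deployment would load these
    // digests from its database; here they are derived from constructed
    // sample keys so the example is self-contained.
    private static readonly List<byte[]> AllowedKeyHashes = new List<byte[]>
    {
        Hash("constructed-sample-key-1"),
        Hash("constructed-sample-key-2"),
    };

    private static byte[] Hash(string value)
    {
        using (var sha = SHA256.Create())
        {
            return sha.ComputeHash(Encoding.UTF8.GetBytes(value));
        }
    }

    // Compares two digests without exiting at the first mismatching byte,
    // so the time taken does not reveal how many leading bytes matched.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static bool IsApiKeyValid(string apiKey)
    {
        // A missing or empty key is always rejected.
        if (string.IsNullOrEmpty(apiKey)) return false;

        byte[] candidate = Hash(apiKey);
        bool valid = false;
        // Check every entry rather than returning on the first hit.
        foreach (byte[] allowed in AllowedKeyHashes)
            valid |= FixedTimeEquals(candidate, allowed);
        return valid;
    }
}
```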
