Authenticate a web service

I have developed some RESTful web services using C#. Can anyone suggest (with some resources to follow) the best method to authenticate the services, since they will be passing through and retrieving some very sensitive data?

Are you using WebAPI for your RESTful services? Or have you developed using the deprecated REST starter kit?

If you are using WebAPI, you can follow this link:

http://www.piotrwalat.net/basic-http-authentication-in-asp-net-web-api-using-membership-provider/

You can use the standard Authorize attribute, and you can also extend that class to customize it to your needs, and use HTTPS for a secure channel.

I would recommend using an API key; here is a post to follow: http://blogs.msdn.com/b/rjacobs/archive/2010/06/14/how-to-do-api-key-verification-for-rest-services-in-net-4.aspx

This gives you the security you need with simplicity, and it doesn't prevent you from adding further security on top, such as HTTPS or the use of client certificates.
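An added example of the API-key approach recommended above, written for this page and not taken from the linked post: a `DelegatingHandler` that refuses non-HTTPS requests and checks the presented key against stored SHA-256 digests with a constant-time comparison. The header name `X-Api-Key` and the class name `ApiKeyHandler` are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

// Added example. Register with: config.MessageHandlers.Add(new ApiKeyHandler(hashes));
public class ApiKeyHandler : DelegatingHandler
{
    private const string HeaderName = "X-Api-Key";  // assumed header name
    private readonly byte[][] _keyHashes;            // SHA-256 digest of each issued key

    public ApiKeyHandler(IEnumerable<byte[]> keyHashes) { _keyHashes = keyHashes.ToArray(); }

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // Refuse plain HTTP so a key is never accepted over an unencrypted channel.
        if (request.RequestUri.Scheme != Uri.UriSchemeHttps)
            return Reject(HttpStatusCode.Forbidden);
        if (!request.Headers.TryGetValues(HeaderName, out IEnumerable<string> values))
            return Reject(HttpStatusCode.Unauthorized);

        // Only digests are stored server-side, so hash the presented key first.
        byte[] presented;
        using (var sha = SHA256.Create())
            presented = sha.ComputeHash(Encoding.UTF8.GetBytes(values.First()));

        // Compare against every stored digest without an early exit.
        bool ok = false;
        foreach (var stored in _keyHashes)
            ok |= FixedTimeEquals(stored, presented);
        return ok ? base.SendAsync(request, cancellationToken)
                  : Reject(HttpStatusCode.Unauthorized);
    }

    private static Task<HttpResponseMessage> Reject(HttpStatusCode code) =>
        Task.FromResult(new HttpResponseMessage(code));

    // Constant-time comparison: running time does not depend on where the bytes differ.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```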

There are a number of ways to go about this, and your final solution should probably employ a mixture of them. First of all, only expose HTTPS endpoints (and get a good certificate). If possible, use Windows authentication, and limit access to only certain users. You might also encrypt certain of the data elements that are coming in (and decrypt them in your C# code).

In a similar situation I am using HTTPS and two additional parameters for each request. Those are the user name and the encrypted password.

I know a simple solution, but it's very simple and straightforward.
You can authorize the service request by validating some common input parameter, like some valid key as a query parameter for the service, and validate it in the service. If it succeeds, go ahead; if it fails, say . In JVM servers I can have the actual key and will request the server to authenticate the incoming key. Not aware about C#... HTH

If you are very concerned about authentication, one of the best methods is to use SSL client certificates. You create and issue an SSL certificate for each user of your system, and they use that certificate when connecting to your server (obviously, over SSL). You can verify that they are the authenticated user through APIs specific to your web server.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.
