访问会员提供商背后的网络服务

发布于 2024-08-29 01:29:33 字数 166 浏览 3 评论 0原文

我有一个网站托管一项使用会员提供商授权的网络服务。我希望能够通过第二个站点的 Web 服务调用进行身份验证,而不会弹回到 Web 服务站点上的登录页面。我怎样才能做到这一点?

附带说明一下,我最好允许为访问该站点的特定主机制定自定义规则。因此,如果请求来自 www.mysite.com,它将覆盖授权。

I have one website that hosts a webservice which uses membership provider authorization. I would like to be able to authenticate through my webservice call from a second site without getting bounced back to my login page on the webservice site. How can I accomplish this?

As a side note, it would be best for me to allow a custom rule for specific hosts accessing the site. So if the request is coming from www.mysite.com, it would override the authorization.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

ι不睡觉的鱼゛ 2024-09-05 01:29:33

您可以在 web.config 中使用 标签来打开特定目录或文件。

我不相信主机有一种内在的访问控制方法。

一个非常简单的方法是实现一个简单的 HttpModule 来保护端点或目录。

using System;
using System.Net;
using System.Web;

namespace HttpLibArticleSite
{
    public class GuardDogModule : IHttpModule
    {
        #region IHttpModule Members

        public void Init(HttpApplication context)
        {
            context.BeginRequest += BeginRequest;
        }

        public void Dispose()
        {
            //noop
        }

        #endregion

        private static void BeginRequest(object sender, EventArgs e)
        {
            HttpContext ctx = (HttpContext) sender;

            if (ctx.Request.Url is not guarded) return;

            if (ctx.Request.Headers["take your pick"] != what
            you want)
            {
                ctx.Response.StatusCode = (int) HttpStatusCode.Forbidden;
                ctx.Response.End();
            }
        }
    }
}

显然,没有遵守,也没有经过测试,但会带你去你需要去的地方。只需参考 web.config system.web/httpModules 部分即可了解如何部署。

干杯。

You may use a <location/> tag in your web.config to open a specific directory or file up.

I don't believe there is an intrinsic method of access control by host.

A very simple way to do this would be by implementing a simple HttpModule that guards the endpoint or directory.

using System;
using System.Net;
using System.Web;

namespace HttpLibArticleSite
{
    public class GuardDogModule : IHttpModule
    {
        #region IHttpModule Members

        public void Init(HttpApplication context)
        {
            context.BeginRequest += BeginRequest;
        }

        public void Dispose()
        {
            //noop
        }

        #endregion

        private static void BeginRequest(object sender, EventArgs e)
        {
            HttpContext ctx = (HttpContext) sender;

            if (ctx.Request.Url is not guarded) return;

            if (ctx.Request.Headers["take your pick"] != what
            you want)
            {
                ctx.Response.StatusCode = (int) HttpStatusCode.Forbidden;
                ctx.Response.End();
            }
        }
    }
}

not complied, obviously, and not tested but will get you where you need to go. Just refer to the web.config system.web/httpModules section to see how to deploy.

Cheers.

夜深人未静 2024-09-05 01:29:33

您必须将 web.config 文件放置在 Web 服务的目录中并允许匿名访问它。或者,您可以将其设置为仅 Windows 身份验证,并使用模拟来授权调用。

You would have to place a web.config file inside the directory of your webservice and allow anonymous access to it. Or you could make it Windows Authentication only and use impersonation to authorize the call.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文