What is the simplest way to authenticate with a Web API?
I've got a web API that provides data to users without authentication (the website lets users post data, after they've logged in using traditional cookies & sessions). Someone wants to develop an iPhone app that adds things to my database, so I want a user to authenticate on the iPhone, and then the API will allow posting.
So, what should I look into to do this easily? The API as it stands is RESTful, it'd be nice to keep it that way. Obviously I'm new to this but there seem to be so many standards I don't know where to start. If I can code it up in less than an hour, that'd be ideal.
Much appreciated!
Comments (2)
A decent way to implement this would be to provide the app creator with a token as well as an app id, and have them use that token as salt for an agreed upon encryption method to send username and password (plus app id) to a new API call for a new session.
Upon receiving the request for a new session, you would look up their token based on the appid provided, and try and decrypt the user/pass using the token.
If the user/pass are accepted, then you create a new session and return the session id to them, which they can send along with any new requests.
This prevents the app from having to send authentication for every request, and allows you to expire sessions at a given time.
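
The session flow described in the comment above, as an added Python example that is not the commenter's code. It substitutes HMAC-SHA256 keyed with the app token for the unspecified "agreed upon encryption method" and assumes the call is made over TLS; every name, the sample app, user and salt, the 5-minute freshness window and the 30-minute session lifetime are assumptions.

```python
import hashlib, hmac, secrets, time

# Constructed sample data: one registered app and one user (all values are made up).
APP_TOKENS = {"iphone-app-1": b"constructed-app-token"}
_SALT = b"constructed-salt"  # single salt for the sample user; use one random salt per user
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)}
SESSIONS = {}            # session id -> (username, expiry as epoch seconds)
SESSION_TTL = 1800       # assumed lifetime: 30 minutes


def sign_request(app_token, app_id, username, password, timestamp):
    """Client side: HMAC-SHA256 over the length-prefixed request fields."""
    fields = [app_id, username, password, str(timestamp)]
    msg = b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)
    return hmac.new(app_token, msg, hashlib.sha256).hexdigest()


def new_session(app_id, username, password, timestamp, signature, now=None):
    """Server side: return a session id, or None if any check fails."""
    now = time.time() if now is None else now
    token = APP_TOKENS.get(app_id)
    if token is None or abs(now - timestamp) > 300:   # unknown app or stale request
        return None
    expected = sign_request(token, app_id, username, password, timestamp)
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        return None
    stored = USERS.get(username)
    supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    if stored is None or not hmac.compare_digest(stored, supplied):
        return None
    session_id = secrets.token_urlsafe(32)            # unguessable identifier
    SESSIONS[session_id] = (username, now + SESSION_TTL)
    return session_id


def user_for_session(session_id, now=None):
    """Server side: map a session id to its user, dropping expired sessions."""
    now = time.time() if now is None else now
    entry = SESSIONS.get(session_id)
    if entry is None:
        return None
    username, expiry = entry
    if now >= expiry:
        del SESSIONS[session_id]
        return None
    return username
```

The client sends the app id, credentials, timestamp and signature to the new-session call once, then sends only the returned session id with later requests.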

WebSecurity was introduced in ASP.NET MVC 4. It relies on the SimpleMembershipProvider. It uses FormsAuthentication to manage cookies.
WebMatrix.WebData.WebSecurity provides security and authentication features for ASP.NET Web Pages applications, including the ability to create user accounts, log users in and out, reset or change passwords, and perform related tasks. You must create or initialize a WebSecurity database before you can use the WebSecurity object in your code.
In the root of your website, create a page (or edit the page) named _AppStart.cshtml.
You can authenticate your request with the following code.
Once authentication succeeds, WebSecurity.IsAuthenticated will be true and you will get the user's identity.
You can also use "SimpleRoleProvider" to manage roles in your application.