odata 的表单身份验证或自定义标头身份验证哪个更好

发布于 2024-10-03 02:10:05 字数 895 浏览 3 评论 0原文

我需要快速启动并运行它，但我花了最后几个小时研究/担心哪个会更好：

Asp.net 表单身份验证

与

自定义标头令牌：
在服务器上

protected override void OnStartProcessingRequest(ProcessRequestArgs args)
{
     if (string.IsNullOrEmpty(WebOperationContext.Current.IncomingRequest.Headers.Get("magic")))
     {
           throw new DataServiceException(403, "Sorry No Magic found");
     }
      else
     {
           base.OnStartProcessingRequest(args);
     }
}

在Windows Forms客户端上

static void datProvider_SendingRequest(object sender, SendingRequestEventArgs e)
{
    e.RequestHeaders.Add("magic","HASHED_userbased_token");
}

注意事项：

我从未使用过表单身份验证（但我可以学习？）
用户注册很复杂（检查员工记录，然后根据这些记录创建用户）
我有我自己的自定义用户组/权限表/系统
没有SSL（客户端不关心这个事实，数据并不是那么有价值）
我似乎更能控制自定义标头。

原文

I need this up and running quick but I spent the last few hours researching/worrying about which would be better:

Asp.net Forms Authentication

Custom Header Token:
On the server

protected override void OnStartProcessingRequest(ProcessRequestArgs args)
{
     if (string.IsNullOrEmpty(WebOperationContext.Current.IncomingRequest.Headers.Get("magic")))
     {
           throw new DataServiceException(403, "Sorry No Magic found");
     }
      else
     {
           base.OnStartProcessingRequest(args);
     }
}

On the Windows Forms client

static void datProvider_SendingRequest(object sender, SendingRequestEventArgs e)
{
    e.RequestHeaders.Add("magic","HASHED_userbased_token");
}

Considerations:

I've never used forms auth (but I can learn?)
The user registration is complex (Employee records are checked then users are created based on those)
I have my own custom usergroups/permission tables/system
There is no SSL (client doesnt care about this fact, data is not all that valuable)
I seem like Im more in control with the custom header.

分享到QQ

分享到微博