Best way to handle authentication on .NET WCF Web

2020-06-03 06:41发布

站内问答 / 后端开发
1695 3 3

I'm mildly familiar with DotNetOpenAuth and OAuth in general, but in terms of Web API development, what is the best way to lock down a web service in terms of the following criteria:

  • Ease of implementation
  • Interoperability/compatibility with end-user facing platforms (iOS, Android, Win Phone, Flex...)
  • Whether or not it is clearly standards-based (like OAuth for example)

Thanks!

3条回答
戒情不戒烟
2楼-- · 2020-06-03 07:13

There are a couple of wcf web api implementation to handle authentication on internet. I have done one as well @ http://misaxionsoftware.wordpress.com/2011/07/29/secure-restful-web-service-by-wcf-web-api-no-https-seriously/

Note: code is based on Preview 3, some class name has changed in Preview 5.

The idea of implementation is ensure secured communication without SSL.

It's easy to construct. The function is transparent to your service because all the work is done in message handler. You don't bother to call the authenticate function in your service method.

Compatible with end-point where RSA encryption is supported.

Standards-based, hmm... Standards varies from case to case...

查看更多
0人赞 添加讨论(0) 举报
该账号已被封号
3楼-- · 2020-06-03 07:22

please take a look here: OAuth 2.0 in Web API

Inside the WebApiContrib project there are also Basic Authentication samples which is straight forward but it should not be used without SSL.

查看更多
0人赞 添加讨论(0) 举报
Melony?
4楼-- · 2020-06-03 07:30

The DotNetOpenAuth .zip download includes a sample WCF service that is protected by OAuth.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(3)