访问控制Web服务

编程入门行业动态更新时间:2024-10-25 10:27:03

本文介绍了访问控制Web服务的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！问题描述

这是我希望达到的：

我的ASP.NET Web服务托管一个名为 //服务服务器上。我想通过服务器和应用程序，以及控制访问Web服务。我的意思是在这里，如果我有两个ASP.NET Web应用程序（APP1和APP2）主办的一个名为 // web1的服务器上，我只希望 // web1的/ APP1 能够调用Web服务。我知道我可以允许访问的IP地址 // web1的但是这将让双方的 // web1的/ APP1 和 // web1的/ APP2 访问Web服务。

My ASP.NET web service is hosted on a server called //service. I want to control access to the web service by server and by application as well. What I mean here is if I have two ASP.NET web applications (app1 and app2) hosted on a server called //web1 and I only want //web1/app1 to be able to call the web service. I know that I can grant access to the IP address of //web1 but that would allow both //web1/app1 and //web1/app2 access to the web service.

我正在考虑使用SSL证书，因为我不想让Web应用程序来处理登录/密码。在 //服务后，我会授予访问的 // web1的的IP映射，并从客户端证书的 // web1的到Windows帐户这将允许从 // web1的只应用程序访问。但后来我怎么进一步控制访问只 // web1的/ APP1 ？

I am thinking about using an SSL certificate as I don't want the web application to handle the login/password. on //service, I will grant access to the ip of //web1 and map a client certificate from //web1 to a windows account and this will allow only applications from //web1 to access. But then how do I further control the access to only //web1/app1?

推荐答案

您可以使用标准的 HTTP验证控制哪些应用程序可以访问Web服务。

You can use standard HTTP Authentication to control which applications have access to your web service.

凭据在批准每个请求头中传递。每一个Web服务客户端（即// web1的/ APP1）应该有自己的凭据，所以如果// web1的/ APP2试图连接到Web服务，而不提供认可证书，这将被拒绝访问。

Credentials are passed in the Authorization header with each request. Every web service client (i.e. //web1/app1) should have its own credentials, so if //web1/app2 tried to connect to the web service without providing recognized credentials, it would be denied access.

我建议使用SSL来加密所有交通，使认证信息和其他敏感数据是安全的。

I recommend using SSL to encrypt all traffic, so that authentication information and other sensitive data is secure.

下面是一些文章可能会有所帮助：

Here are a few articles that may be helpful: