我将要创建支持现有Web应用程序的移动应用程序(iOS,Android,..),现在正在考虑如何从我的网站向我们的移动应用程序提供安全的API(ASP.Net Web API).
I am about to create mobile applications (iOS, android, ..) to support existing web application and now thinking how to provide a secure API (ASP.Net Web API) from my web to our mobile apps.
OAuth似乎是最好的方法. 据我了解,它旨在启用针对我们的API编写的第三方应用程序.但是我只将Web服务仅用于自己的应用程序.
OAuth seems the best way to do it. From what I understand, it is designed to enable 3rd party applications written against our API. But I only use the web services just for my own apps.
我需要使用OAuth,还是有任何简单的方法?
Do I need to go with OAuth, or is there any simple way?
推荐答案OAuth有2个分支版本,专门用于2方安全性.也就是说,您不需要使用OAuth. REST服务基本上只是HTTP服务,因此您可以使用任何喜欢的HTTP身份验证,即使基本身份验证也可以正常工作.只需记住使用HTTPS来保护您的在线密码即可.
There is a 2 legged version of OAuth that is designed for 2 party security. That said you don't need to use OAuth. A REST service is basically just an HTTP service so you can use any HTTP authentication you like, even basic authentication will work just fine. Just remember to use HTTPS to protect your passwords on the wire.
更多推荐
仅为我自己的移动应用程序创建API.我需要OAuth吗?
发布评论