问题描述
我有一个Web服务创建web服务REST在C#中,没有任何身份验证。现在,我期待到加入身份验证的Web服务。 WebService的暴露6方法(全部为GET),出这6个方法,我想限制的2种方法管理组的成员访问。目前,我的web服务托管在一个ConsoleHost。该服务的消费者将是同一个域(通常是另一个应用程序),所以如果我能在客户端的WebService的域/用户名(Windows凭据)来传递。我可以在web服务检查,发现如果该用户是admin组的一部分或没有。
I have a created webservice REST Webservice in C# without any authentication. Now, i am looking into adding authentication to the webservice. The webservice exposes 6 methods (all are GET), out of these 6 methods, i want to restrict the access of 2 methods to member of "Admin" group. Currently, my webservice is hosted on a ConsoleHost. The consumer of this service would be in same domain (typically another application), so if I am able to pass in domain/username (Windows Credentials) of the client to the webservice. I can check in the webservice to find if that user is part of "Admin" group or not.
我的问题是我怎么通过客户端的登录凭据服务。我想,我可以使用认证头,但我没有找到一个很好的资源,了解REST Web服务认证头的使用。是否有任何其他的方法来验证Web服务的消费者?
My question is how do I pass logon credentials of the client to the service. I think, I could use authentication header, but I did not find a good resource to learn about usage of authentication headers in REST Webservices. Are there any other ways to authenticate webservice consumer?
在web服务托管,我可以在服务于浏览器的URL(像任何其他网页)型和访问该资源。如何将身份验证在这种情况下工作?
Once the webservice is hosted, I can type in the url of the service (like any other webpage) in a browser and access the resource. How would authentication work in that case?
推荐答案
也许这个指南将帮助您?
Maybe this guide will help you?
的 http://msdn.microsoft.com/en-us/library/dd203052.aspx
特别关于实施身份验证和授权的部分。
Particularly the section about "Implementing Authentication and Authorization"
这篇关于验证WCF休息的WebServices的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!