问题描述
亲爱的,
我需要学习具有以下约束条件的特定客户请求:
我有一个服务器A正在托管SQL server 2012
我有CLIENT A本地托管Server 2012数据库并在Windows 10下运行
客户端A需要获取一些数据来自服务器A
客户端A来自服务器A的反向数据更新本地数据
为了做到这一点,首先要考虑的是将Web服务层放入服务器的前端在IIS下托管的数据库。
该解决方案适用于公司域,可以测量客户端A和服务器A之间可以通过VPN通道直接建立网络连接
从客户端A,用户通过Windows登录 User1 进行识别。然后,当我们想通过服务器端托管的Web服务连接到服务器A数据库时,我们需要使用服务器数据库中定义的
定制用户(如OPER_USER,TECH_USER,MAINT_USER)对Web服务进行身份验证。
这样做的方法我正在考虑使用Authtication方法,例如我们传递一个用户名,如OPER_USER。然后,如果服务器A在数据库中找到该用户,则返回valide认证和相关的TOKEN(GUID)。
然后,对于每次进一步调用web服务方法,然后将TOKEN传递给每种方法都可以验证所有进一步的请求。
问题:
- 根据您的经验,此认证假设是否合适?
- 我想因为服务是在IIS下托管的,IISUser需要公开对SQL服务器数据库的更正吗?
感谢您的输入
问候
Dear all,
I need to study a specific customer request with the following constraint :
I have a SERVER A which is hosting SQL server 2012
I have CLIENT A which is hosting locally a Server 2012 database as well and run under Windows 10
Client A need to get some data from SERVER A
Client A update local data from retrive data from SERVER A
In order to do that the first appreoach in mind is to place Web services layer in front of SERVER A database hosted under IIS.
The solution works in a company domain which measn that between client A and Server A can have direct network connection of through VPN channel
From CLIENT A, user gets identified through windows login User1 for instance. Then when we want to connect to Server A database through web service hosted at server side, we need to be authenticated to web service using custom users defined in server database like OPER_USER, TECH_USER,MAINT_USER.
The way to do that I was thinking of having an Authtication method for which we pass a User name like OPER_USER for instance. Then if the server A find that user in database it return a valide authetication and an associated TOKEN ( GUID).
Then for each further call to web service metho, then the TOKEN is pass to each method to validate all further request.
Question :
- Does this authentication mecasnism sound suitable based on your experience ?
- I guess that as service is hosted under IIS, the IISUser need to have public permision to SQL server database correct ?
Thanks for your input
regards
这篇关于Web服务设计建议的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!