问题描述

亲爱的，

我需要学习具有以下约束条件的特定客户请求：

我有一个服务器A正在托管SQL server 2012

我有CLIENT A本地托管Server 2012数据库并在Windows 10下运行

客户端A需要获取一些数据来自服务器A

客户端A来自服务器A的反向数据更新本地数据

为了做到这一点，首先要考虑的是将Web服务层放入服务器的前端在IIS下托管的数据库。

该解决方案适用于公司域，可以测量客户端A和服务器A之间可以通过VPN通道直接建立网络连接

从客户端A，用户通过Windows登录 User1 进行识别。然后，当我们想通过服务器端托管的Web服务连接到服务器A数据库时，我们需要使用服务器数据库中定义的
定制用户（如OPER_USER，TECH_USER，MAINT_USER）对Web服务进行身份验证。

这样做的方法我正在考虑使用Authtication方法，例如我们传递一个用户名，如OPER_USER。然后，如果服务器A在数据库中找到该用户，则返回valide认证和相关的TOKEN（GUID）。

然后，对于每次进一步调用web服务方法，然后将TOKEN传递给每种方法都可以验证所有进一步的请求。

问题：

- 根据您的经验，此认证假设是否合适？

- 我想因为服务是在IIS下托管的，IISUser需要公开对SQL服务器数据库的更正吗？

感谢您的输入

问候

Dear all,

I need to study a specific customer request with the following constraint :

I have a SERVER A which is hosting SQL server 2012
I have CLIENT A which is hosting locally a Server 2012 database as well and run under Windows 10

Client A need to get some data from SERVER A
Client A update local data from retrive data from SERVER A

In order to do that the first appreoach in mind is to place Web services layer in front of SERVER A database hosted under IIS.

The solution works in a company domain which measn that between client A and Server A can have direct network connection of through VPN channel

From CLIENT A, user gets identified through windows login User1 for instance. Then when we want to connect to Server A database through web service hosted at server side, we need to be authenticated to web service using custom users defined in server database like OPER_USER, TECH_USER,MAINT_USER.

The way to do that I was thinking of having an Authtication method for which we pass a User name like OPER_USER for instance. Then if the server A find that user in database it return a valide authetication and an associated TOKEN ( GUID).

Then for each further call to web service metho, then the TOKEN is pass to each method to validate all further request.

Question :

- Does this authentication mecasnism sound suitable based on your experience ?
- I guess that as service is hosted under IIS, the IISUser need to have public permision to SQL server database correct ?

Thanks for your input

regards

这篇关于Web服务设计建议的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！