For my sins, I am in charge of developing a service for providing data to both our internal systems running .net apps as well as external systems running php. For the sake of future proofing, I want to ensure it is callable from ruby as well.
对于我的罪过,我负责开发一项服务,为运行.net应用程序的内部系统以及运行php的外部系统提供数据。为了将来打样,我想确保它也可以从ruby中调用。
My service will perform authentication and look up account details from a central user repository. So go to our php web front end, enter username/password and the php app calls my thing. Internally, it will be wcf over local tcp/ip, externally, webservice, possibly ws-security.
我的服务将执行身份验证并从*用户存储库中查找帐户详细信息。所以去我们的php web前端,输入用户名/密码,php应用程序调用我的东西。在内部,它将是wcf over local tcp / ip,external,webservice,可能是ws-security。
Obviously, we want to ensure this thing is only called by trusted callers. My initial inclination is to insist on some client certificate mechanism, but as I am a complete n00b outside of the .net world, I need some advice.
显然,我们希望确保这个东西只能由可信赖的呼叫者调用。我最初的倾向是坚持一些客户端证书机制,但由于我是.net世界之外的完整n00b,我需要一些建议。
Do current php/ruby implementations of web service calls support caller client certs? I'm going to go ahead and assume the php/ruby callers run on some standard, modern version of linux. What are the pitfalls to watch out for? The last thing I want is to build this awesome thing, have our .net callers work fine and then need to rebuild it/kludge something together to get it working for our php callers.
当前的Web服务调用的php / ruby实现是否支持调用者客户端证书?我将继续并假设php / ruby调用者在一些标准的现代版本的linux上运行。有什么值得注意的缺陷?我想要的最后一件事就是构建这个令人敬畏的东西,让我们的.net调用者正常工作,然后需要重建它/ kludge一起来让它为我们的php调用者工作。
Any advice is appreciated.
任何建议表示赞赏。
1 个解决方案
#1
Why dont you use another authentication mechanism (API authorization) to accessing your service? You can generate a private key for every client and let them use your services providing the correct key over https.
为什么不使用其他身份验证机制(API授权)来访问您的服务?您可以为每个客户生成一个私钥,让他们使用您的服务,通过https提供正确的密钥。
Look http://oauth.net/
#1
Why dont you use another authentication mechanism (API authorization) to accessing your service? You can generate a private key for every client and let them use your services providing the correct key over https.
为什么不使用其他身份验证机制(API授权)来访问您的服务?您可以为每个客户生成一个私钥,让他们使用您的服务,通过https提供正确的密钥。
Look http://oauth.net/