问题描述

我有一个Web服务创建web服务REST在C＃中，没有任何身份验证。现在，我期待到加入身份验证的Web服务。 WebService的暴露6方法（全部为GET），出这6个方法，我想限制的2种方法管理组的成员访问。目前，我的web服务托管在一个ConsoleHost。该服务的消费者将是同一个域（通常是另一个应用程序），所以如果我能在客户端的WebService的域/用户名（Windows凭据）来传递。我可以在web服务检查，发现如果该用户是admin组的一部分或没有。

I have a created webservice REST Webservice in C# without any authentication. Now, i am looking into adding authentication to the webservice. The webservice exposes 6 methods (all are GET), out of these 6 methods, i want to restrict the access of 2 methods to member of "Admin" group. Currently, my webservice is hosted on a ConsoleHost. The consumer of this service would be in same domain (typically another application), so if I am able to pass in domain/username (Windows Credentials) of the client to the webservice. I can check in the webservice to find if that user is part of "Admin" group or not.

我的问题是我怎么通过客户端的登录凭据服务。我想，我可以使用认证头，但我没有找到一个很好的资源，了解REST Web服务认证头的使用。是否有任何其他的方法来验证Web服务的消费者？

My question is how do I pass logon credentials of the client to the service. I think, I could use authentication header, but I did not find a good resource to learn about usage of authentication headers in REST Webservices. Are there any other ways to authenticate webservice consumer?

在web服务托管，我可以在服务于浏览器的URL（像任何其他网页）型和访问该资源。如何将身份验证在这种情况下工作？

Once the webservice is hosted, I can type in the url of the service (like any other webpage) in a browser and access the resource. How would authentication work in that case?

推荐答案

也许这个指南将帮助您？

Maybe this guide will help you?

的 http://msdn.microsoft.com/en-us/library/dd203052.aspx

特别关于实施身份验证和授权的部分。

Particularly the section about "Implementing Authentication and Authorization"

这篇关于验证WCF休息的WebServices的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！