开发者

how to secure web api for clients who distribute their application to unknown/unverified users?

开发者 https://www.devze.com 2022-12-24 05:22 出处：网络

How can I sec开发者_开发技巧ure an webservice so my clients can use it on their applications without having to fear that their api keys will be used in other applications?Assuming that:

相关专题：security wcf web-services

How can I sec开发者_开发技巧ure an webservice so my clients can use it on their applications without having to fear that their api keys will be used in other applications?

Assuming that:

you're using WCF to implement your services
You are writing some webservices for your client, so they will host the webservices.

Take a look at the WCF Security Guidance from P&P group: http://wcfsecurity.codeplex.com/

It helped us a lot in defining our security strategy, based on our requirements.

In summary you need to understand how your webservices will be used, what your users will be authenticated and authorized, and based on this, implement the required configuration/code changes.

I hope this helps.

Wagner.