I need to expose our repository which resides in our server machine to clients. The clients should be authenticated, and read write permissions are enabled. We are having doubts regarding which way to go with the implementation:
开发者_C百科We already have client based COM layer so we can wrap it with some C# UI.
Server rest services, and then writing rest services based UI in C#/GWT/etc.
Implement WebDav protocol and get free client (windows, total commander, others)
What do you think is the best approach?
I don't know what kind of repository you are talking about, and what your clients need to do with it. But if it's plain reading and writing of files, I'd say WebDAV is the best way to go: It's supported widely across all platforms, has loads of free clients, can be set up on a Windows machine within minutes, supports SSL (I think) and is very easy to use.
If you need to do more fine-grained things like protocol changes, have you considered using source control software like Subversion, Git or Mercurial? They would give great possibilities, but the learning curve for your clients would be very steep. I wouldn't recommend this for a non-techie audience.
WebDAV or SFTP (SSH File Transfer Protocol) server would work. They offer similar functionality, with SFTP being more widespread.
I'm not sure what you have in the way of infrastructure, but I'd suggest putting the server in a DMZ so if anyone breaks in they can't do too much fdamage to the rest of your network.
How are you going to authenticate users? ASP.NET 2.0+ has some useful libraries that provide some excellent out-of-the-box capability fo managing users which integrates with FormsAuthentication; this will gove you options for identity and access management - assuming you write a asp.net front end.
What ever approach you take, I'd suggest PEN testing it - either yourselves or by a third party security specialist.
精彩评论