forms auth or custom header auth for odata which is better_问答_开发者

forms auth or custom header auth for odata which is better

开发者 https://www.devze.com 2023-01-26 04:43 出处：网络

I need this up and running quick but I spent the last few hours researching开发者_开发技巧/worrying about which would be better:

Asp.net Forms Authentication

Custom Header Token:

On the server

protected override void OnStartProcessingRequest(ProcessRequestArgs args)
{
     if (string.IsNullOrEmpty(WebOperationContext.Current.IncomingRequest.Headers.Get("magic")))
     {
           throw new DataServiceException(403, "Sorry No Magic found");
     }
      else
     {
           base.OnStartProcessingRequest(args);
     }
}

On the Windows Forms client

static void datProvider_SendingRequest(object sender, SendingRequestEventArgs e)
{
    e.RequestHeaders.Add("magic","HASHED_userbased_token");
}

Considerations:

I've never used forms auth (but I can learn?)
The user registration is complex (Employee records are checked then users are created based on those)
I have my own custom usergroups/permission tables/system
There is no SSL (client doesnt care about this fact, data is not all that valuable)
I seem like Im more in control with the custom header.

Use a custom header token. Forms auth assumes that a human will be authenticating to the service, which would be a pretty strange thing to happen on an OData end-point. OData is more about computers or services authenticating to the OData service.