开发者

Could you give feedback to my Web Service security approach?

I am developing an WP7 application that connects to a set of webservices.

I am new to this kind of application communication and would lik开发者_如何学Pythone to present my authentication solution and get your feedback.

I would like the user to call a login WS once, it would return a token to him and he would be required to send this token every other WS call, as an "authentication" (If you have any better idea, please let me know).

At the WS side, I would store the tokens in an data structure which would be "global", and each time an WS is called passing the token as a parameter, I would look for the token in this data structure.

The fact that there is a global structure makes me think that this approach is wrong. Could you please give me feedback about it?

Thank you,

Oscar


There doesn't seem to be anything "wrong" with this idea. This is how many web sites operate: you login once, and the site returns an authentication cookie which is handed back by the browser at each request. However, the "devil is in the details." Make sure you're doing this for the right reasons.

-Oisin

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜