I'm working on an application which allows data entry and display from both a Windows Phone application and an MVC 3 web interface. Data access for the phone client is via aut
An alternative to an API Key is to use claims based identity and security tokens. You could use the Windows Azure Access Control Service as a trusted issuer of security tokens, with the value add that it comes pre-configured to use LiveID, Facebook, Google, any OpenID and any WS-Federation identity provider. Both the web site and the web service would trust ACS.
ACS will give you SAML tokens for the web site (allowing your users to login to it with LiveID, Google or FB).
ACS can also issue Simple Web Tokens (SWT), which are especially neat for REST services (assuming the phone client uses that).
You can't use the LiveID associated with the phone in your app, but you can still use LiveID (or any other identity provider). This is an example of how to do it. It uses the common approach of embedding a web browser in the phone app and using it for all security token negotiation.
Using ACS gives you a lot of flexibility without all the complexity. Making a web site "claims aware" and trust ACS is very straightforward. More samples here: http://claimsid.codeplex.com
If you need to link the Phone to a user on the MVC site you could do what Netflix and Amazon do for Roku and other devices and have some sort of an activation process. To make it easier you could use a QR Code or some other type of barcode generated by the MVC site, have the user take a picture of it, and process the image using the Silverlight ZXing Barcode Scanning Library. Probably a bit convoluted, but it works for all the set top boxes.
Dear Jon, I have no experience with WP development, but I have made a little search for WCF auth for a couple of days recently and found out that the apiKey auth is nearly the best way to me. Rob Jacobs has explained how it works in this article:
http://blogs.msdn.com/b/rjacobs/archive/2010/06/14/how-to-do-api-key-verification-for-rest-services-in-net-4.aspx