由网友(空欢喜一场)分享简介：我写了一个简单的.NET Web服务，我将被托管在其他服务器上可能在不同的大陆。我真的不知道。现在，我只用了它的网址，我试图用WebRequest类和WebResponse方法来访问Web服务VAI HTTP POST。现在，我想知道有没有什么办法来保护Web服务访问，因此没有人可以利用它？I have writte...

我写了一个简单的.NET Web服务，我将被托管在其他服务器上可能在不同的大陆。我真的不知道。现在，我只用了它的网址，我试图用WebRequest类和WebResponse方法来访问Web服务VAI HTTP POST。现在，我想知道有没有什么办法来保护Web服务访问，因此没有人可以利用它？

I have written a simple .NET webservice, which I will be hosted on a different server may be on different continent. I don't really know. Now, I only had its URL and I tried to use webrequest and webresponse method to access that web service vai HTTP POST. Now, I want to know is there any way to secure the webservice access, so that nobody can exploit it?

例如：

的http://example.com/Verify/Verification.asmx/Verify?AccountNumber=3223&ProductName=876

现在，这些都是调用此WebService所需的参数。就好像现在，任何人都可以利用它。所以，我怎么可以把它安全吗？虽然，我打算到SSL，这整个事情是从服务器发生在服务器上，而不是从客户端到服务器？

Now, these are all the parameters required to call this webservice. As if now, anyone can exploit it. So how can I make it secure? Although, I am planning to get SSL and this whole thing is happening from server to server, not from client to server?

推荐答案

您可以通过服务密钥（很像亚马逊WS）在Web请求可能与算法的选择，这是被加密的授权头然后解密在服务端，只继续执行，如果密钥匹配

You can pass a service key (much like Amazon WS) in the authorization header of the web request which could be encrypted with an algorithm of your choice, which is then decrypted at the service end and only continue with the execution if the key matches

见14.8以下网址

http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html