I have checked the link you provide me. Link contains so much articles and I am not able to decide which method/article should I follow.
Also as Web API request is independent with each request, do I need to provide authentication information(like username/password/token etc...) each time along with request?
dmsolanki
Member
164 Points
83 Posts
Security for web API
Dec 04, 2012 09:47 AM|LINK
Hello,
I am using web API and want to integrate some kind of security. I have explored various options and not able to find out something out of my search.
Can someone help me to find out suitable method for my requirement?
My service client are majorly mobile device and tablet computer.
Regards,
Dharmesh Solanki
dbaier
Member
264 Points
66 Posts
MVP
Re: Security for web API
Dec 04, 2012 10:58 AM|LINK
I've written a couple of posts about it - start at the beginning ;)
http://leastprivilege.com/category/webapi/
dominick
_____________________________
Dominick Baier - http://www.leastprivilege.com
dmsolanki
Member
164 Points
83 Posts
Re: Security for web API
Dec 04, 2012 11:12 AM|LINK
Hello dbaier,
Thanks for reply.
I have checked the link you provide me. Link contains so much articles and I am not able to decide which method/article should I follow.
Also as Web API request is independent with each request, do I need to provide authentication information(like username/password/token etc...) each time along with request?
Regards,
Dharmesh Solanki
dbaier
Member
264 Points
66 Posts
MVP
Re: Security for web API
Dec 04, 2012 11:14 AM|LINK
Try to describe your scenario. This can narrow it down ;)
dominick
_____________________________
Dominick Baier - http://www.leastprivilege.com
dmsolanki
Member
164 Points
83 Posts
Re: Security for web API
Dec 04, 2012 11:38 AM|LINK
Hello dbaier,
I have few Web API services and my service clients are Mobile Device and Tablets.
Basically I want to authenticate using some sort of mechanism like "username","password" or security tokens etc...
I do not require high level security but moderatable solution will work for me.
Regards,
Dharmesh Solanki
dbaier
Member
264 Points
66 Posts
MVP
Re: Security for web API
Dec 04, 2012 03:02 PM|LINK
That sounds like Basic Authentication. See here:
http://leastprivilege.com/2012/03/13/asp-net-webapi-security-3-extensible-authentication-framework/
the project home page with samples is here:
http://thinktecture.github.com/Thinktecture.IdentityModel.45/
With Basic Authentication you typically re-transmit the credentials on every request. You can also use a mechanism like a session token, e.g.:
http://leastprivilege.com/2012/06/19/session-token-support-for-asp-net-web-api/
dominick
_____________________________
Dominick Baier - http://www.leastprivilege.com