Last post May 15, 2012 10:26 AM by dbaier
Apr 26, 2012 08:14 AM|MasterV23|LINK
I'm trying to learn how I can authorize my web api calls so that when the call is made I can make sure it's being called from a valid site.
I've added the [Authorize] attribute to my API Contoller, what's the next step since these will be resful calls? Is there a key generator that I would need to use?
Apr 26, 2012 08:55 AM|dbaier|LINK
...and how would you identify a "valid site" ?
Apr 26, 2012 09:26 AM|aliostad|LINK
HTTPS calls can optionally have a client certificate which can be used by the clients.
A practical replacement is using username/password.
There is a Referer HTTP header in the request that can be checked (if it has been referred from another page/site) but you cannot really call it security. http://en.wikipedia.org/wiki/HTTP_referrer
Apr 26, 2012 09:36 AM|MasterV23|LINK
So for authticating Restful services wouldn't you want to try an encrypted key to verify? Just thinking out loud.
Apr 26, 2012 08:30 PM|MasterV23|LINK
Apr 27, 2012 01:09 AM|dbaier|LINK
Well - OAuth has a number of parts.
But if you are looking for a way to do token based authentication, I've written the necessary plumbing for that:
May 15, 2012 07:43 AM|MasterV23|LINK
So what is best to use? OAuth or Token?
Also I clicked the links at the bottom of that page but I got "Page Can Not be Found" error.
May 15, 2012 10:26 AM|dbaier|LINK
I moved my blog. The links are updated now.