Last post Nov 23, 2015 02:45 AM by Zhi Lv - MSFT
Nov 20, 2015 12:55 PM|PQDT
Hello everyone,
I'm developing an application which is web service based. I'm working with Visual Studio 2015, ASP.NET MVC 4.6 and MongoDB. The language is C#.
Well, I have an ASP.NET MVC application running with some pages and business logic being treated in the controllers. I also have a Web API as a RESTful web service.
The question is: when I am in the browser accessing the application by web, I do the login process and I'm able to get into the application and use the application. That's all right. But when I try to call one of the methods exposed by the Web API (my web service) from an Android device app, for example, I just call the method and I get the results, without any member validation. This is a bad way to keep the security, because everyone can consume the data just by calling the web service method.
I wish to know what I can do to prevent that situation. How can I implement a process of membership between the web service and any other client which will consume that data? I mean, every client (except the web) must be recognized as a valid member (or have a valid token, I don't know...) to get the rights of reading, inserting or updating and even deleting data by web service.
Can you guys help me out?
Nov 23, 2015 02:45 AM|Zhi Lv - MSFT
From your description, I suggest you check the following articles. You could try to set Authentication and Authorization in ASP.NET Web API and Web Service.
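
An added example, not part of the reply above and not code from the poster's project: one way to require a token on every Web API call, using a message handler that authenticates a signed bearer token and an `[Authorize]` attribute that rejects anonymous requests. It assumes ASP.NET Web API 2 on .NET 4.6; `TokenAuthHandler`, `OrdersController` and the token layout `<user>.<expiryUnixSeconds>.<hex HMAC-SHA256>` are hypothetical, and a separate login endpoint is assumed to issue the token after checking the member's credentials.

```csharp
using System;
using System.Net.Http;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;

// Hypothetical handler; assumed token layout: "<user>.<expiryUnixSeconds>.<hex HMAC-SHA256>".
public class TokenAuthHandler : DelegatingHandler
{
    private readonly byte[] _key; // server-side secret, never shipped inside the client app
    public TokenAuthHandler(byte[] key) { _key = key; }
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        var auth = request.Headers.Authorization;
        if (auth != null && auth.Scheme == "Bearer" && auth.Parameter != null)
        {
            var principal = Validate(auth.Parameter);
            if (principal != null) request.GetRequestContext().Principal = principal;
        }
        // Without a valid token the request stays anonymous and [Authorize] returns 401.
        return base.SendAsync(request, ct);
    }
    private ClaimsPrincipal Validate(string token)
    {
        var parts = token.Split('.');
        long expiry;
        if (parts.Length != 3 || !long.TryParse(parts[1], out expiry)) return null;
        if (DateTimeOffset.UtcNow.ToUnixTimeSeconds() > expiry) return null; // expired token
        string expected;
        using (var hmac = new HMACSHA256(_key))
            expected = BitConverter.ToString(hmac.ComputeHash(Encoding.UTF8.GetBytes(parts[0] + "." + parts[1]))).Replace("-", "");
        string given = parts[2].ToUpperInvariant();
        int diff = expected.Length ^ given.Length; // compare signatures without an early exit
        for (int i = 0; i < expected.Length && i < given.Length; i++) diff |= expected[i] ^ given[i];
        if (diff != 0) return null; // signature mismatch: forged or altered token
        var identity = new ClaimsIdentity("Bearer"); // non-empty auth type => IsAuthenticated is true
        identity.AddClaim(new Claim(ClaimTypes.Name, parts[0]));
        return new ClaimsPrincipal(identity);
    }
}

[Authorize] // every action on this controller now requires an authenticated principal
public class OrdersController : ApiController
{
    public IHttpActionResult Get() { return Ok(new { user = User.Identity.Name }); }
}
```

The handler is registered once in `WebApiConfig.Register` with `config.MessageHandlers.Add(new TokenAuthHandler(key))`, and tokens should only travel over HTTPS.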