As far as I know, rhere are mutliple ways that we could use to improve the security.
For example:
You could check the send request IP address location and store it in the database.
If you find the send request IP address location is not in the normall location, you could disable user login firstly and send the Email to user to let the user check it.
Besides, we could enable SSL to improve the security for the oauth authorization.If we enable the SSL, the hacker will get the password more harder.
Best Regards,
Brando
MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
Member
176 Points
621 Posts
Improve security in Oauth authorization
Jun 17, 2019 04:14 AM|neoaguil17|LINK
Hi
I use a Token Based Authentication for Web API, such as in this article...
https://www.codeproject.com/Articles/1187872/Token-Based-Authentication-for-Web-API-where-Legac
I see that a hacker can get the encrypted password and create a windows service which can send the user and encrypted password to obtain the token,...
How could I improve this security?
Star
9801 Points
3120 Posts
Re: Improve security in Oauth authorization
Jun 17, 2019 09:10 AM|Brando ZWZ|LINK
Hi neoaguil17,
As far as I know, rhere are mutliple ways that we could use to improve the security.
For example:
You could check the send request IP address location and store it in the database.
If you find the send request IP address location is not in the normall location, you could disable user login firstly and send the Email to user to let the user check it.
Besides, we could enable SSL to improve the security for the oauth authorization.If we enable the SSL, the hacker will get the password more harder.
Best Regards,
Brando
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
Member
81 Points
51 Posts
Re: Improve security in Oauth authorization
Jun 19, 2019 09:17 AM|Titto Thomas|LINK
Ensure HTTPS communication for your application. That is the only best thing can be done to protect your password and token from transit.