Authenticate HTTP .NET client against Self Host Web API Windows Service

Question

I found great article about client/server implementation via Self Host Web API http://www.asp.net/web-api/overview/older-versions/self-host-a-web-api

And I am wondering about the correct authentication method for this model (Self Host Web API ).

Have I use a bearer token authentication? Is there any other method?

Or for example http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api

I have following working requirements:

1. C# http client must connect to Self Host Web API Windows Service and send files.

2. The connection must be secure 100%.

So how to protect WebAPI, any clue?

Answer 1

Have you checked this answer?

ASP.NET Web API Self-Host with Windows Authentication

Looks like is working quite well with Windows Authentication.

BTW, Bearer it's probably more flexible, but it depends on your needs.

BTW(2): HTTPS is a must if you want to achive an high level of security, but 100% looks veeery high :)