Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Authenticating via http using the web api in asp.net

Tags:

asp.net

asp.net-mvc

asp.net-web-api

I've watched and viewed lots of pages on securing asp.net web api's - including: http://weblogs.asp.net/jgalloway/archive/2012/03/23/asp-net-web-api-screencast-series-part-6-authorization.aspx and http://weblogs.asp.net/jgalloway/archive/2012/05/04/asp-net-mvc-authentication-customizing-authentication-and-authorization-the-right-way.aspx - however, I've not yet seen a KISS type example.

If I have a web api, which returns a list of cars for example - and I am working with a 3rd party (ie. not my own website or server/domain) who wants to query (get) and insert (post) lists of cars by a type, into my database, how so I authenticate them (via https)?

Do they simply add (into their JSON GET/Post) something like:

[
{"username":"someusername","password":"somepassword",
{
"carTypeID":12345,
"carTypeID":9876}
"carTypeID":2468}
}
}
]

I can then grab the username and password, and check against my membership database in .net, and "IfUserAuthenticated" go on to process the rest of the JSON?

Or is there a better way of doing this? I've heard of adding details to headers etc - but I'm not sure if that's for a reason, or over complicating it. I've also heard of setting tokens which are sent back to the 3rd party - if that's the best method, what instructions do I give them got building their side of the app that will use my API?

Thanks for any advice/pointers,

Mark

like image 475
Mark Avatar asked Jun 11 '12 21:06

Mark

2 Answers

If you want to keep it simple you can use Basic authentication. Over SSL it's quite secure. It simply involves adding a header to the request:

Authorization: Basic <username:password encoded as base64>

You can find a way to implement it here.

like image 197
Carles Company Avatar answered Sep 28 '22 06:09

Carles Company

You can use HTTP Basic authenticaiton along with SSL. Its very simple to implement using message handlers and is supported out of the box on many platforms. See my blog for an example (it is very easy to integrate with membership provider of your choice)

http://www.piotrwalat.net/basic-http-authentication-in-asp-net-web-api-using-message-handlers/

like image 35
Piotr Walat Avatar answered Sep 28 '22 06:09

Piotr Walat
Sign in to Comment

Related questions

Pass JavaScript/JSON array to MVC 'GET' Method
Repeater's Item command event is not firing on linkbutton click
XML Output In the Wrong Order
Dynamic Page Rendering in ASPX
ASP .Net Textbox Textchanged event
How can I know which email is a reply to another email, in C#?
Is there any way to apply dynamic text to an <h2> tag on a webform?
How do I dynamically set source of an IFrame?
Read AppSettings from a secondary webconfig
How to apply custom bundle order?
Manually upgraded a MVC web app from 3 to 4, can't add API Controllers
Quartz.NET from config.xml in ASP.NET
Entity Framework Code-First: Migrate a database known only at runtime
Python / web scrape / aspx -- is it humanly possible when there are no forms?
How to print a grid view using iTextSharp
Need to call server side event using __doPostBack
"this file is blocked because it came from another computer" - ajax permission issue
MSLinqToSQLGenerator warning
httpErrors shows 500 error instead of YSOD on local machine
What's the best way to bind key/value pair to an asp label

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!