Menu
I'm looking at building a simple web app that will expose an API that lets third-party (well, written by me, but that's not the point) apps query for and modify user-specific data stored on the site.
Obviously I don't want to allow apps to be able to get user-specific information without that users consent. I would want some kind of application authentication where users allow an application they run to use the web API to access their information.
Is there a standard way to achieve this or does every app (i.e. rememberthemilk) just hack up a bespoke solution specifically for them?
801
Web API assumes that authentication happens in the host. For web-hosting, the host is IIS, which uses HTTP modules for authentication. You can configure your project to use any of the authentication modules built in to IIS or ASP.NET, or write your own HTTP module to perform custom authentication.
There are three ways to authenticate users when calling a web API: API key authentication. Basic authentication. Session-based authentication.
Will OAuth work for you? That's the problem it was designed to solve.
133
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
