
Web API Authentication best practice


Which one is the best authentication approach for a Web API, considering that data security is essential and the ASP.NET application runs on Azure?

Guilherme Ferreira asked Aug 31 '12 21:08


People also ask

Which authentication is best for web API?

OAuth (specifically, OAuth 2.0) is considered a gold standard when it comes to REST API authentication, especially in enterprise scenarios involving sophisticated web and mobile applications. OAuth 2.0 can support dynamic collections of users, permission levels, scope parameters and data types.

What is the best method for API authentication?

Common API Authentication Methods: The simplest way to handle authentication is through the use of HTTP, where the username and password are sent alongside every API call. You can use an HTTP header and encode the username and password.

How do I authenticate Web API?

Web API assumes that authentication happens in the host. For web-hosting, the host is IIS, which uses HTTP modules for authentication. You can configure your project to use any of the authentication modules built in to IIS or ASP.NET, or write your own HTTP module to perform custom authentication.

What is the best way to secure Web API?

For security concerns, it is recommended that the Web APIs should use the HTTPS (HTTP secure) endpoints to ensure that the data communication is encrypted using TLS/SSL (Transport Layer Security). By the way, SSL is a cryptographic protocol responsible for ensuring secure communication over a computer network.


1 Answer

When dealing with authentication and securing your Web API I recommend you follow the guidelines set by Dominick Baier. There might be no better expert on ASP.NET identity management in the world.

You can find his blog at http://leastprivilege.com/ and a great Web API Identity package on NuGet, Thinktecture.IdentityModel - http://nuget.org/packages/Thinktecture.IdentityModel. As with most of the good open source libraries, since all the functionality is available for you for free, there is no need to reinvent the wheel.

This is a top-to-bottom identity & access control library for .NET 4.0/WIF and .NET 4.5 (including support for MVC and Web API).

If you want to learn more about securing your Web API, you should also watch this video http://vimeo.com/43603474 - Dominick's talk from NDC Oslo 2012.

Filip W answered Oct 02 '22 12:10