Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Web API Authentication best practice

Tags:

Which one is the best authentication approach for an Web API, considering that the data security is essential and the ASP.NET application runs on Azure?

like image 728
Guilherme Ferreira Avatar asked Aug 31 '12 21:08

Guilherme Ferreira

People also ask

Which authentication is best for web API?

OAuth (specifically, OAuth 2.0) is considered a gold standard when it comes to REST API authentication, especially in enterprise scenarios involving sophisticated web and mobile applications. OAuth 2.0 can support dynamic collections of users, permission levels, scope parameters and data types.

What is the best method for API authentication?

Common API Authentication Methods The simplest way to handle authentication is through the use of HTTP, where the username and password are sent alongside every API call. You can use an HTTP header and encode the username and password.

How do I authenticate Web API?

Web API assumes that authentication happens in the host. For web-hosting, the host is IIS, which uses HTTP modules for authentication. You can configure your project to use any of the authentication modules built in to IIS or ASP.NET, or write your own HTTP module to perform custom authentication.

What is the best way to secure Web API?

For security concerns, it is recommended that the Web APIs should use the HTTPS (HTTP secure) endpoints to ensure that the data communication is encrypted using TLS/SSL (Transport Layer Security). By the way, SSL is a cryptographic protocol responsible for ensuring secure communication over a computer network.

1 Answers

When dealing with authentication and securing your Web API I recommend you follow the guidelines set by Dominick Baier. There might be no better expert on ASP.NET identity management in the world.

You can find his blog at http://leastprivilege.com/ and a great Web API Identity package at Nuget, Thinktecture.IdentityModel - http://nuget.org/packages/Thinktecture.IdentityModel As with most of the good open source libraries, since all the functionality is available for your for free, there is no need to reinvent the wheel.

This is a top-to-bottom identity & access control library for .NET 4.0/WIF and .NET 4.5 (including support for MVC and Web API).

If you want to learn more about securing your Web API, you should also watch this video http://vimeo.com/43603474 - Dominick's talk from NDC Oslo 2012.

like image 126
Filip W Avatar answered Oct 02 '22 12:10

Filip W
Sign in to Comment

Related questions

Shoulda belongs_to with class_name and foreign_key
How to find IIS7 SiteID using site name on Windows 2008 using appcmd or other util?
How do I extract content from HttpResponseMessage from POST when using WEB API?
Double-indexed dictionary
Best ways to deal with properties values in XML file in Spring, Maven and Eclipses
how should i store a price in mongoose?
Why should one use a http server in front of a framework web server?
How to find sub-directories in a directory/folder?
How to use opendiff as default mergetool
Add a range of items to the beginning of a list?
Why is deleting in a single linked list O(1)?
How to retrieve spring data repository instance for given domain class?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!