Which one is the best authentication approach for a Web API, considering that data security is essential and the ASP.NET application runs on Azure?
OAuth (specifically, OAuth 2.0) is considered a gold standard when it comes to REST API authentication, especially in enterprise scenarios involving sophisticated web and mobile applications. OAuth 2.0 can support dynamic collections of users, permission levels, scope parameters and data types.
Common API Authentication Methods

The simplest way to handle authentication is over HTTP itself: the username and password are sent with every API call, encoded in an HTTP header.
Web API assumes that authentication happens in the host. For web-hosting, the host is IIS, which uses HTTP modules for authentication. You can configure your project to use any of the authentication modules built in to IIS or ASP.NET, or write your own HTTP module to perform custom authentication.
For security, Web APIs should use HTTPS (HTTP Secure) endpoints so that data in transit is encrypted with SSL/TLS (Secure Sockets Layer / Transport Layer Security), a cryptographic protocol for securing communication over a computer network.
When dealing with authentication and securing your Web API I recommend you follow the guidelines set by Dominick Baier. There might be no better expert on ASP.NET identity management in the world.
You can find his blog at http://leastprivilege.com/ and a great Web API Identity package on NuGet, Thinktecture.IdentityModel - http://nuget.org/packages/Thinktecture.IdentityModel. As with most good open source libraries, since all the functionality is available to you for free, there is no need to reinvent the wheel.
This is a top-to-bottom identity & access control library for .NET 4.0/WIF and .NET 4.5 (including support for MVC and Web API).
If you want to learn more about securing your Web API, you should also watch this video http://vimeo.com/43603474 - Dominick's talk from NDC Oslo 2012.
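The header-based username/password scheme and the custom HTTP module mentioned above, combined with the HTTPS requirement, as an added example (not code from the original page or from Thinktecture.IdentityModel). The class name, the `ValidateCredentials` hook and the realm value are assumptions made for illustration, and the module assumes TLS terminates at the host it runs in.

```csharp
using System;
using System.Net.Http.Headers;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Web;
public class BasicAuthHttpModule : IHttpModule
{
    // Hypothetical hook: the host assigns its own credential check; the default denies everyone.
    public static Func<string, string, bool> ValidateCredentials = (user, password) => false;

    public void Init(HttpApplication app)
    {
        app.AuthenticateRequest += OnAuthenticateRequest;
        app.EndRequest += OnEndRequest;
    }

    private static void OnAuthenticateRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        // Base64 is an encoding, not encryption: never accept credentials that arrived without TLS.
        if (!ctx.Request.IsSecureConnection) return;
        AuthenticationHeaderValue header;
        if (!AuthenticationHeaderValue.TryParse(ctx.Request.Headers["Authorization"], out header)) return;
        if (!"Basic".Equals(header.Scheme, StringComparison.OrdinalIgnoreCase) || header.Parameter == null) return;
        string decoded;
        try { decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header.Parameter)); }
        catch (FormatException) { return; } // malformed header: request stays anonymous
        int sep = decoded.IndexOf(':'); // split on the first ':' only; the password may contain ':'
        if (sep < 0) return;
        string user = decoded.Substring(0, sep);
        if (!ValidateCredentials(user, decoded.Substring(sep + 1))) return;

        var principal = new GenericPrincipal(new GenericIdentity(user, "Basic"), new string[0]);
        Thread.CurrentPrincipal = principal; // Web API reads the caller from both of these
        ctx.User = principal;
    }

    private static void OnEndRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        // Challenge only over TLS so clients are never prompted to send credentials in clear text.
        if (ctx.Response.StatusCode == 401 && ctx.Request.IsSecureConnection)
            ctx.Response.AddHeader("WWW-Authenticate", "Basic realm=\"api\"");
    }

    public void Dispose() { }
}
```

The module takes effect once it is registered under `system.webServer/modules` in Web.config, and controllers still need `[Authorize]` for anonymous requests to be rejected.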