Home/ Questions/Q 9148601
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T11:19:19+00:00

I am writing a Web Api (using asp.net Web Api) and naturally want clients

  • 0

I am writing a Web Api (using asp.net Web Api) and naturally want clients to authenticate to use the service.

I was hoping to write a Javascript plugin that would make use of the Api and then make it available to be simply dropped into other web sites.

Is there a secure way I can have the plugin authenticate?
I’m not sure how I could keep any information passed to the plugin confidential.

I also want the API to be used by native apps, so does that rule anything making use of cookies?

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Is there a secure way I can have the plugin authenticate?

    You are going to have to either embed the username/password in your plugin OR have some fields to get that information from the user.

    Consider some code if you choose to embed the username/password:

    $.ajax({
        url: 'api/foo',
        type: 'GET',
        dataType: 'json',
        success: onSuccess,
        error: onError,
        beforeSend: setHeader
    });

    note the assignment of beforeSend to setHeader:

    function setHeader(xhr) {    
    xhr.setRequestHeader('Authorization', 'Basic YXBpX3VzZXIxOjEyMzQxMjM0');

    }

    Note, you will have to pre-calculate the auth string using the method below

    Now if you want to pull the username/password from the user you could do this:

    function setHeader(xhr) {            
        xhr.setRequestHeader('Authorization', make_base_auth($("#username").val(), $("#password").val()));
}

function make_base_auth(user, password) {
    var tok = user + ':' + password;
    var hash = Base64.encode(tok);
    return "Basic " + hash;
}
    • 0