Home/ Questions/Q 8810131
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T03:03:08+00:00

I’m starting a new system creating using .NET MVC – which is a relatively

  • 0

I’m starting a new system creating using .NET MVC – which is a relatively large scale business management platform. There’s some indication that we’ll open the platform to public once it is released and pass the market test.

We will be using ExtJs for the front-end which leads us to implement most data mining work return in JSON format – this makes me think whether I should learn the OAuth right now and try to embed the OAuth concept right from the beginning?

Basically the platform we want to create will initially fully implemented internally with a widget system; our boss is thinking to learn from Twitter to build just a core database and spread out all different features into other modules that can be integrated into the platform. To secure that in the beginning I proposed intranet implementation which is safer without much authentication required; however they think it will be once-for-all efforts if we can get a good implementation like OAuth into the platform as we start? (We are team of 6 and none of us know much about OAuth in fact!)

I don’t know much about OAuth, so if it’s worth to implement at the beginning of our system, I’ll have to take a look and have my vote next week for OAuth in our meeting. This may effect how we gonna implement the whole web service thing, so may I ask anyone who’s done large-scale web service /application before give some thoughts and advice for me?

Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    OAuth 1 is nice if you want to use HTTP connections. If you can simply enforce HTTPS connections for all users, you might want to use OAuth 2, which is hardly more than a shared token between the client and server that’s sent for each single request, plus a pre-defined way to get permission from the user via a web interface.

    If you have to accept plain HTTP as well, OAuth 1 is really nice. It protects against replay attacks, packet injection or modification, uses a shared secret instead of shared token, etc. It is, however, a bit harder to implement than OAuth 2.

    OAuth 2 is mostly about how to exchange username/password combinations for an access token, while OAuth 1 is mostly about how make semi-secure requests to a server over an unencrypted connection. If you don’t need any of that, don’t use OAuth. In many cases, Basic HTTP Authentication via HTTPS will do just fine.

    • 0