Which one is the best authentication approach for an Web API, considering that the data security is essential and the ASP.NET application runs on Azure?
Which one is the best authentication approach for an Web API, considering that the
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Which one is the best authentication approach for an Web API, considering that the data security is essential and the ASP.NET application runs on Azure?
When dealing with authentication and securing your Web API I recommend you follow the guidelines set by Dominick Baier. There might be no better expert on ASP.NET identity management in the world.
You can find his blog at http://leastprivilege.com/ and a great Web API Identity package at Nuget, Thinktecture.IdentityModel – http://nuget.org/packages/Thinktecture.IdentityModel
As with most of the good open source libraries, since all the functionality is available for your for free, there is no need to reinvent the wheel.
This is a top-to-bottom identity & access control library for .NET 4.0/WIF and .NET 4.5 (including support for MVC and Web API).
If you want to learn more about securing your Web API, you should also watch this video http://vimeo.com/43603474 – Dominick’s talk from NDC Oslo 2012.