How would I go about handling authentication in a RESTful way that will work with desktop/mobile apps? For example, I know how to build authentication in my apps by using FormsAuthentication, which relies on cookies, which I assume only works with browsers.
Do I still use FormsAuthentication? My login method takes passwords and usernames, and I plan to use other 3rd party logins such as Google, Twitter and Facebook.
So for the password and username, the client sends that to the server; how do I set it up so an Android or Windows Phone 7 app can authenticate with it?
I'm also exposing some actions with the [Authorize] attribute.
Dominick Baier did a great talk at NDC 2011 about securing REST services. He discusses the pros and cons of multiple ways. A good point to start from...
You have to separate Authentication and Authorization.
If you go with multiple login providers (Google, Facebook, Twitter) then OAuth would be the choice...
But more details here:
Securing REST-Services and Web-APIs:
http://ndc2011.macsimum.no/SAL1/Torsdag/1740-1840.wmv