开发者

Best way to handle authentication on .NET WCF Web API

开发者 https://www.devze.com 2023-04-12 07:40 出处:网络
I\'m mildly familiar with DotNetOpenAuth and OAuth in general, but in terms of Web API development, what is the best way to lock开发者_Go百科 down a web service in terms of the following criteria:

I'm mildly familiar with DotNetOpenAuth and OAuth in general, but in terms of Web API development, what is the best way to lock开发者_Go百科 down a web service in terms of the following criteria:

  • Ease of implementation
  • Interoperability/compatibility with end-user facing platforms (iOS, Android, Win Phone, Flex...)
  • Whether or not it is clearly standards-based (like OAuth for example)

Thanks!


please take a look here: OAuth 2.0 in Web API

Inside the WebApiContrib project there are also Basic Authentication samples which is straight forward but it should not be used without SSL.


The DotNetOpenAuth .zip download includes a sample WCF service that is protected by OAuth.


There are a couple of wcf web api implementation to handle authentication on internet. I have done one as well @ http://misaxionsoftware.wordpress.com/2011/07/29/secure-restful-web-service-by-wcf-web-api-no-https-seriously/

Note: code is based on Preview 3, some class name has changed in Preview 5.

The idea of implementation is ensure secured communication without SSL.

It's easy to construct. The function is transparent to your service because all the work is done in message handler. You don't bother to call the authenticate function in your service method.

Compatible with end-point where RSA encryption is supported.

Standards-based, hmm... Standards varies from case to case...

0

精彩评论

暂无评论...
验证码 换一张
取 消