Best way to secure ASP.NET Web API 2 where multiple client use it

c# asp.net-mvc api token hmac
16,699

Solution 1

You are on the right track by using Token based authentication. Here is a link which shows the implementation details-

Token based authentication in Web API without any user interface

Additionally, I think you can secure the channel using SSL-

http://www.c-sharpcorner.com/UploadFile/55d2ea/creating-and-using-C-Sharp-web-application-over-https-ssl/

Solution 2

The token based approach used in OAuth2 and OpenIdentity is very wide spread and enables a wide range of scenarios (Web Apps, Mobile, Deskop Apps, microservices).

There are some good libraries out there for providing and consuming tokens. They should be preferred over implementing your own protocols. Later approach is more error prone and is more difficult to be consumed by other clients (if there is the need in the future). I recommend to have a look in the IdentityServer (it is OpenSource). A introduction can be found here.

Generally I recommend to dig deeper into the blogs about token based authentication - it is a huge topic, but it is worth it.

Share:
16,699
Kaizer
Author by

Kaizer

Updated on June 27, 2022

Comments

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How does the ApiController class work and behave?
What does IAppbuilder.UseWebApi do?
Instance of 'Future<dynamic>' in Flutter
414 (Request-URI Too Long)
System.Web.HttpContext.Current.get returned null in asp.net mvc controller
Use a shared controller class for entire area?
How to bind a DataTable to a DropDownList using MVC RAZOR?
POST request with JSON Body Serialization
c# OAuth and Signatures
Response "',' is an invalid start of a value. Path: $. in Asp.Net Core API