Web API Basic authentication

Question

User-1310838221 posted

Hi,

I am new to Web API, my first work on Web API. I have to build a web api service tat will be called from internet. I understand that when Web API service is hosted in IIS, I can set it up with credentials. For web, I read that credentials will be passed in clear text, so does it mean that basic authentication is not secure. I do not know if my client will agree to HTTPS. Is there any other way to make basic authentication secure for Web API? 

Thank you.

Answer 1

User-286291038 posted

Hi tirath.g,

Basic Authentication is only secure over HTTPS. The following posts show some ways to make basic authentication more secure,

http://www.dotnet-tricks.com/Tutorial/webapi/E3K8220314-Securing-ASP.NET-Web-API-using-basic-Authentication.html

http://www.codeproject.com/Articles/1005485/RESTful-Day-sharp-Security-in-Web-APIs-Basic

Answer 2

User36583972 posted

Hi tirath.g@hotmail.com,

From your description, you can learn the following security tutorial.

Security issues for Web API:

http://www.asp.net/web-api/overview/security

Best Regards,

Yohann Lu