Answered by:
Web API Basic authentication

Question
-
User-1310838221 posted
Hi,
I am new to Web API, my first work on Web API. I have to build a web api service tat will be called from internet. I understand that when Web API service is hosted in IIS, I can set it up with credentials. For web, I read that credentials will be passed in clear text, so does it mean that basic authentication is not secure. I do not know if my client will agree to HTTPS. Is there any other way to make basic authentication secure for Web API?
Thank you.
Monday, April 11, 2016 1:30 AM
Answers
-
User-286291038 posted
Hi tirath.g,
Basic Authentication is only secure over HTTPS. The following posts show some ways to make basic authentication more secure,
http://www.codeproject.com/Articles/1005485/RESTful-Day-sharp-Security-in-Web-APIs-Basic
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Monday, April 11, 2016 3:43 AM -
User36583972 posted
From your description, you can learn the following security tutorial.
Security issues for Web API:
http://www.asp.net/web-api/overview/security
Best Regards,
Yohann Lu
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Monday, April 11, 2016 5:49 AM
All replies
-
User-286291038 posted
Hi tirath.g,
Basic Authentication is only secure over HTTPS. The following posts show some ways to make basic authentication more secure,
http://www.codeproject.com/Articles/1005485/RESTful-Day-sharp-Security-in-Web-APIs-Basic
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Monday, April 11, 2016 3:43 AM -
User36583972 posted
From your description, you can learn the following security tutorial.
Security issues for Web API:
http://www.asp.net/web-api/overview/security
Best Regards,
Yohann Lu
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Monday, April 11, 2016 5:49 AM