Best Method to Secure Web Api

  • Question

  • User1122355199 posted

    Hello Everyone and thanks for your help in advance.  I am in the early stages of developing a WebApi and need some input on the optimal way to design security for this project.  The majority of the api consumption will come from pages which will likely be built into the project itself (unless someone can point to benefits of making the api standalone).  However, there is also the possibility that the api will need to support mobile apps as well, so I need the flexibility not afforded by forms authentication.  Also, I know about the Identity framework, but frankly got burned with the limitations of the old membership provider and am concerned about going down that road again.  I've read many of the articles regarding this topic including:

    http://www.asp.net/web-api/overview/security

    http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api

    but am really unsure of the best way to go.  Any help would be appreciated.

    Thursday, August 18, 2016 3:17 PM

All replies

  • User36583972 posted

    Hi kmcnet,

    but am really unsure of the best way to go

    I think it has a more suitable encryption method for you. The following links will give you an idea about how to choose the Right API Security Protocol.

    Secure Your REST API… The Right Way:

    https://stormpath.com/blog/secure-your-rest-api-right-way

    Custom security protocols can be used; you can refer to the following article.

    Making your ASP.NET Web API’s secure:

    http://codebetter.com/johnvpetersen/2012/04/02/making-your-asp-net-web-apis-secure/

    Best Regards,

    Yohann Lu

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, August 19, 2016 2:33 AM
  • User1122355199 posted

    Thanks for the response.  So if I understand correctly, you are suggesting I utilize Identity as the way to secure, or am I misunderstanding you? 

    Friday, August 19, 2016 8:04 PM
  • User36583972 posted

    Hi kmcnet,

    Yes, you can try to use it.

    The ASP.NET Identity system is designed to replace the previous ASP.NET Membership and Simple Membership systems. It includes profile support and OAuth integration, and works with OWIN.

    You can read some tutorials about ASP.NET Identity below:

    http://www.asp.net/identity

    Best Regards,

    Yohann Lu

    Friday, August 26, 2016 11:40 AM