Why OWIN is secure

  • Question

  • User1122836778 posted

    I read almost everywhere: secure your Web API with token-based authentication.

    Like these articles

    Secure a Web API with Individual Accounts

    Authentication and Authorization in ASP.NET Web API

    But the only advantages I could find of using OWIN and Katana are:

    1- It simplifies the login with External Identity.

    2- It reduces the number of requests to the DB to authorize the user, as it does not hit the DB. It authorizes the user using the access_token,
         as the access_token contains all the data related to the user for authorization.

    But at the very first step of this process, it accepts the user data (username and password for login) in plain format (application/x-www-form-urlencoded), which can easily be accessed in the middle, between the Web API and the client.

     1- Is there any strong reason to accept the user data in url-encoded format?

     2- How is it secure apart from simplicity, as we can authorize the user using basic authentication too?

    Wednesday, April 13, 2016 5:48 PM

Answers