Best way to handle authentication on .NET WCF Web API

oauth asp.net-web-api dotnetopenauth
tacos_tacos_tacos picture tacos_tacos_tacos · Oct 12, 2011 · Viewed 8.4k times · Source

I'm mildly familiar with DotNetOpenAuth and OAuth in general, but in terms of Web API development, what is the best way to lock down a web service in terms of the following criteria:

  • Ease of implementation
  • Interoperability/compatibility with end-user facing platforms (iOS, Android, Win Phone, Flex...)
  • Whether or not it is clearly standards-based (like OAuth for example)

Thanks!

Answer

Alexander Zeitler picture Alexander Zeitler · Oct 12, 2011

please take a look here: OAuth 2.0 in Web API

Inside the WebApiContrib project there are also Basic Authentication samples which is straight forward but it should not be used without SSL.

Related questions

How to secure an ASP.NET Web API

I want to build a RESTful web service using ASP.NET Web API that third-party developers will use to access my application's data. I've read quite a lot about OAuth and it seems to be the standard, but finding a …

Read More
I get "Authorization has been denied for this request." error message when using OWIN oAuth middleware (with separate Auth and Resource Server)

I am attempting to decouple my auth and resource server. I am following the example provided in this tutorial: http://bitoftech.net/2014/09/24/decouple-owin-authorization-server-resource-server-oauth-2-0-web-api/ This is the code in my Startup.cs in my auth server: using Microsoft.Owin; …

Read More
Get IPrincipal from OAuth Bearer Token in OWIN

I have successfully added OAuth to my WebAPI 2 project using OWIN. I receive tokens and can use them in the HTTP Header to access resources. Now I want to use those tokens also on other channels for authentication that are …

Read More