What is the simplest security that could be applied in ASP.NET Web API in MVC 4 to prevent external users from accessing the Web service , is there anything simple enough like authorization of some token which could be maintained for each instance?
Add a comment
|
2 Answers
It depends, a Http Web API is stateless by nature. If you are invoking the Web API from a web browser using Ajax, you might rely on cookies for maintaining the user identity in the session. Otherwise, other traditional HTTP authentication mechanisms like basic authentication requires the user credentials in every call. You might want to take at the Thinktecture.IdentityModel library, which provides a lot of extensibility points for authentication.
Regarding authorization. The framework already ships with a few attributes like AllowAnonymousAttribute or AuthorizeAttribute that you can use to decorate the Web Api methods.
1 Comment
Rameez Ahmed Sayad
Thanks Pablo .... even Thinktecture.IdentityModel library seems an interesting option ... will have to go through the sample code maybe to understand better
Better you could have search about Authorization in MVC. Yes it does support it. Please check the below links which could be helpful.
1 Comment
Rameez Ahmed Sayad
Thanks Ranjith ... Adding the below line in Global file in Application_Start() GlobalConfiguration.Configuration.Filters.Add(new System.Web.Http.AuthorizeAttribute()); would require authorized users to access the WepAPI hence .... I came across OPath and OId which seemed pretty difficult hence the question ... don't know how i missed the authorization